Back to CVE Browser

CVE-2015-4235

CRITICAL

9.0

CVSS Severity Score

EPSS Score0.0270%

EPSS Percentile36.49th

PublishedJul 24, 2015

Last ModifiedMay 6, 2026

Vulnerability Description

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991.

Affected Platforms (CPE)

💻

Cisco

Application Policy Infrastructure Controller \(apic\)

= 1.0\(1e\)

💻

Cisco

Nx Os

= 11.0\(1b\)

💻

Cisco

Nx Os

= 11.0\(1c\)

💻

Cisco

Nx Os

= 11.0\(1d\)

💻

Cisco

Nx Os

= 11.0\(1e\)

💻

Cisco

Nx Os

= 11.0\(2j\)

💻

Cisco

Nx Os

= 11.0\(2m\)

💻

Cisco

Nx Os

= 11.0\(3f\)

💻

Cisco

Nx Os

= 11.0\(3i\)

💻

Cisco

Nx Os

= 11.0\(3k\)

💻

Cisco

Nx Os

= 11.0\(3n\)

💻

Cisco

Nx Os

= 11.0\(4h\)

References & Advisories

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic

🔗 http://www.securitytracker.com/id/1033025

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic

🔗 http://www.securitytracker.com/id/1033025

Related Vulnerabilities

CVE-2021-138810.0

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could a...

CVE-2021-15779.1

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy...

CVE-2021-15788.8

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy...

CVE-2016-13028.8

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 90...