CyberSec.Space Logo
Back to CVE Browser

CVE-2016-1365

HIGH
8.8
CVSS Severity Score
EPSS Score0.0270%
EPSS Percentile15.06th
PublishedAug 18, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507.

Affected Platforms (CPE)

πŸ“¦
Cisco

Application Policy Infrastructure Controller Enterprise Module

= 1.0.10

References & Advisories

πŸ”— http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic
πŸ”— http://www.securityfocus.com/bid/92507
πŸ”— http://www.securitytracker.com/id/1036634
πŸ”— http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic
πŸ”— http://www.securityfocus.com/bid/92507
πŸ”— http://www.securitytracker.com/id/1036634

Related Vulnerabilities

CVE-2017-122628.8

A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (API...

CVE-2016-13867.5

The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof ...

CVE-2017-38737.5

A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Ligh...

CVE-2015-63376.1

Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 ...