返回 CVE 浏览器

CVE-2015-4235

CRITICAL

9.0

CVSS Severity Score

EPSS Score0.0270%

EPSS Percentile36.49th

Published2015年7月24日

Last Modified2026年5月6日

Vulnerability Description

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991.

Affected Platforms (CPE)

💻

Cisco

Application Policy Infrastructure Controller \(apic\)

= 1.0\(1e\)

💻

Cisco

Nx Os

= 11.0\(1b\)

💻

Cisco

Nx Os

= 11.0\(1c\)

💻

Cisco

Nx Os

= 11.0\(1d\)

💻

Cisco

Nx Os

= 11.0\(1e\)

💻

Cisco

Nx Os

= 11.0\(2j\)

💻

Cisco

Nx Os

= 11.0\(2m\)

💻

Cisco

Nx Os

= 11.0\(3f\)

💻

Cisco

Nx Os

= 11.0\(3i\)

💻

Cisco

Nx Os

= 11.0\(3k\)

💻

Cisco

Nx Os

= 11.0\(3n\)

💻

Cisco

Nx Os

= 11.0\(4h\)

References & Advisories

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic

🔗 http://www.securitytracker.com/id/1033025

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic

🔗 http://www.securitytracker.com/id/1033025

相关漏洞威胁

CVE-2021-138810.0

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could a...

CVE-2021-15779.1

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy...

CVE-2021-15788.8

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy...

CVE-2016-13028.8

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 90...