CVE-2016-1302

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.

Published: Feb 7, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-1302
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
samsung / x14j_firmware	t-ms14jakucb-1102.5	t-ms14jakucb-1102.5.x
sun / opensolaris	snv_124	snv_124.x
zyxel / gs1900-10hp_firmware	-	2.50\(aazi.0\)c0
zzinc / keymouse_firmware	3.08	3.08.x
cisco / nx-os	base	base.x

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic
http://www.securitytracker.com/id/1034925

Vulnerability Database

289,599

CVE-2016-1302