Vulnerability Details : CVE-2015-4225
Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuq77485.
Products affected by CVE-2015-4225
- cpe:2.3:o:cisco:nx-os:1.0\(1.110a\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:1.0\(1e\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4225
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 44 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4225
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2015-4225
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4225
-
http://www.securitytracker.com/id/1032735
Cisco NX-OS Application Policy Infrastructure Controller RBAC Handling Flaw Lets Remote Authenticated Users View Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/75433
Cisco Application Policy Infrastructure Controller CVE-2015-4225 Unauthorized Access VulnerabilityThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=39529
Cisco Application Policy Infrastructure Controller Unauthorized Access VulnerabilityVendor Advisory
Jump to