Vulnerability Details : CVE-2015-4235
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991.
Products affected by CVE-2015-4235
- cpe:2.3:o:cisco:nx-os:11.0\(1b\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:11.0\(1c\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:11.0\(2j\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:11.0\(2m\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:11.0\(3k\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:11.0\(3n\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:11.0\(1d\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:11.0\(1e\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:11.0\(4h\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:11.0\(3f\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:11.0\(3i\):*:*:*:*:*:*:*
- cpe:2.3:o:cisco:application_policy_infrastructure_controller_\(apic\):1.0\(1e\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4235
0.16%: probability of exploitation activity in the next 30 days
~51%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4235
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
CWE ids for CVE-2015-4235
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4235
- http://www.securitytracker.com/id/1033025
  Cisco NX-OS Application Policy Infrastructure Controller (APIC) Lets Remote Authenticated Users Gain Elevated Privileges - SecurityTracker
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic
  Cisco Application Policy Infrastructure Controller Access Control Vulnerability (Vendor Advisory)