Vulnerability Details : CVE-2016-1365
The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507.
Vulnerability category: Input validation
Products affected by CVE-2016-1365
- cpe:2.3:a:cisco:application_policy_infrastructure_controller_enterprise_module:1.0.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1365
- 0.41%: Probability of exploitation activity in the next 30 days
- ~ 74 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1365
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C | 6.8 | 10.0 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2016-1365
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1365
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic
  Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/92507
  Cisco APIC-EM CVE-2016-1365 Remote Code Execution Vulnerability
- http://www.securitytracker.com/id/1036634
  Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) Input Validation Flaw in Grapevine Update Process Lets Remote Authenticated Users Execute Arbitrary Commands on the Targe