Vulnerability Details : CVE-2017-6767
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges. The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC. An attacker could exploit this vulnerability by authenticating to the targeted device. The attacker's privilege level will be modified to match that of the last user to log in via SSH. An exploit could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker's configured role. Cisco Bug IDs: CSCvc34335. Known Affected Releases: 1.0(1e), 1.0(1h), 1.0(1k), 1.0(1n), 1.0(2j), 1.0(2m), 1.0(3f), 1.0(3i), 1.0(3k), 1.0(3n), 1.0(4h), 1.0(4o); 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1).
Products affected by CVE-2017-6767
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\(0.920a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\(2f\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\(3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\(1j\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\(3f\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(3i\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(2j\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(3f\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(1h\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(2m\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(1k\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(1n\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(1e\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(3n\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(4h\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(4o\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.0\(3k\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6767
- EPSS score: 0.32% (probability of exploitation activity in the next 30 days)
- Percentile: ~67% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-6767
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:N/AC:H/Au:S/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
7.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
CWE ids for CVE-2017-6767
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6767
- http://www.securityfocus.com/bid/100400
  Cisco Application Policy Infrastructure Controller CVE-2017-6767 Privilege Escalation Vulnerability (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1039180
  Cisco Application Policy Infrastructure Controller Access Control Flaw for SSH Logins Lets Remote Authenticated Users Gain Elevated Privileges - SecurityTracker (Third Party Advisory; VDB Entry)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1
  Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability (Vendor Advisory)