CVE-2016-1302

Severity
8.8 HIGH
EPSS
0.2%
top 54.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 7
Latest update: May 17

Description

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (5 packages)

NVD | cisco/nx-os | base
NVD | zyxel/gs1900-10hp_firmware | < 2.50\(aazi.0\)c0
NVD | sun/opensolaris | snv_124
NVD | samsung/x14j_firmware | t-ms14jakucb-1102.5

🔴Vulnerability Details

2
GHSA
GHSA-wjw2-7prx-p46x: Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1 | 2022-05-17
CVEList
CVE-2016-1302: Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1 | 2016-02-07

📋Vendor Advisories

1
Cisco
Cisco Application Policy Infrastructure Controller Access Control Vulnerability | 2016-02-04