CVE-2017-6767
Severity
7.1 HIGH
EPSS
0.9%
top 24.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 17
Latest update: May 13
Description
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges. The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to re…
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9
Affected Packages: 2 packages
🔴 Vulnerability Details (2)
GHSA
GHSA-ppmg-gqm4-4xj4: A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges t… (2022-05-13)
CVEList
CVE-2017-6767: A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges t… (2017-08-17)
📋 Vendor Advisories (1)
Cisco
Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability (2017-08-16)