CVE-2017-6768

CWE-426 CWE-2644 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 75.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Systems, Inc. Application Policy Infrastructure Controller (apic)Cisco Application Policy Infrastructure Controller

Timeline

PublishedAug 17

Latest updateMay 13

Description

A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and load…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco_systems,_inc./application_policy_infrastructure_controller_(apic)4 versions+3

▶NVDcisco/application_policy_infrastructure_controller12 versions+11

🔴Vulnerability Details

GHSA

GHSA-869x-pmmv-pm7c: A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controlle↗2022-05-13

▶

CVEList

CVE-2017-6768: A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controlle↗2017-08-17

▶

📋Vendor Advisories

Cisco

Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability↗2017-08-16

▶