CVE-2016-1302
Low
CVSS Score
Vulnerability Description
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.
Known Affected Software
4 configuration(s) from 4 vendor(s)
- nx-os, Version: base, CPE: cpe:2.3:o:cisco:nx-os:base:*:*:*:*:*:*:*
- x14j_firmware, Version: t-ms14jakucb-1102.5, CPE: cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*
- opensolaris, Version: snv_124, CPE: cpe:2.3:o:sun:opensolaris:snv_124:*:*:*:*:*:*:*
- keymouse_firmware, Version: 3.08, CPE: cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*
This vulnerability affects 4 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic (Vendor Advisory; source: psirt@cisco.com)
- http://www.securitytracker.com/id/1034925 (source: psirt@cisco.com)
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-284: Improper Access Control
- Description: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- Typical Severity: Medium
- Abstraction Level: Pillar
Key Information
- Published Date: February 07, 2016
