Vulnerability Description
Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuq77485.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Nx-Os | 1.0\(1.110a\) |
| Cisco | Nexus 93120Tx | - |
| Cisco | Nexus 93128Tx | - |
| Cisco | Nexus 9332Pq | - |
| Cisco | Nexus 9336Pq Aci Spine | - |
| Cisco | Nexus 9372Px | - |
| Cisco | Nexus 9372Tx | - |
| Cisco | Nexus 9396Px | - |
| Cisco | Nexus 9396Tx | - |
| Cisco | Nexus 9504 | - |
| Cisco | Nexus 9508 | - |
| Cisco | Nexus 9516 | - |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/viewAlert.x?alertId=39529Vendor Advisory
- http://www.securityfocus.com/bid/75433Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1032735Third Party AdvisoryVDB Entry
- http://tools.cisco.com/security/center/viewAlert.x?alertId=39529Vendor Advisory
- http://www.securityfocus.com/bid/75433Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1032735Third Party AdvisoryVDB Entry
FAQ
What is CVE-2015-4225?
CVE-2015-4225 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obta...
How severe is CVE-2015-4225?
CVE-2015-4225 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4225?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 93120Tx, Cisco Nexus 93128Tx, Cisco Nexus 9332Pq, Cisco Nexus 9336Pq Aci Spine.