1. Home
  2. CVE Database
  3. CVE-2016-1302
HIGH · 8.8

CVE-2016-1302

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11....

Vulnerability Description

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
SamsungX14J Firmwaret-ms14jakucb-1102.5
SunOpensolarissnv_124
ZyxelGs1900-10Hp Firmware< 2.50\(aazi.0\)c0
ZzincKeymouse Firmware3.08
CiscoNexus 92160Yc-X-
CiscoNexus 92304Qc-
CiscoNexus 9236C-
CiscoNexus 9272Q-
CiscoNexus 93108Tc-Ex-
CiscoNexus 93120Tx-
CiscoNexus 93128Tx-
CiscoNexus 93180Yc-Ex-
CiscoNexus 9332Pq-
CiscoNexus 9336Pq Aci Spine-
CiscoNexus 9372Px-
CiscoNexus 9372Tx-
CiscoNexus 9396Px-
CiscoNexus 9396Tx-
CiscoNexus 9504-
CiscoNexus 9508-

Related Weaknesses (CWE)

CWE-284

References

FAQ

What is CVE-2016-1302?

CVE-2016-1302 is a vulnerability with a CVSS score of 8.8 (HIGH). Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11....

How severe is CVE-2016-1302?

CVE-2016-1302 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-1302?

Check the references section above for vendor advisories and patch information. Affected products include: Samsung X14J Firmware, Sun Opensolaris, Zyxel Gs1900-10Hp Firmware, Zzinc Keymouse Firmware, Cisco Nexus 92160Yc-X.