—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability
Advisory ID: cisco-sa-20170816-apic1
Revision: 1.0
For Public Release: 2017 August 16 16:00 GMT
Last Updated: 2017 August 16 16:00 GMT
CVE ID(s): CVE-2017-6767
CVSS Score v(3): 7.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
+———————————————————————
Summary
=======
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges.
The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC. An attacker could exploit this vulnerability by authenticating to the targeted device. The attacker’s privilege level will be modified to match that of the last user to log in via SSH. An exploit could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker’s configured role.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1”]
—–BEGIN PGP SIGNATURE—–
iQKBBAEBAgBrBQJZlGzqZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmlbw/6AnWNPWHe2W41FaxV
uSKOoeuBbquN5Fs1fK44VeuDhXq75M5idEZUzp7Okv7VeffVR0tG87G14pFexGL2
rw2Vkz5Q6KWvJbNQlerVFFxm2oqm3y63ieNrXKNxt+AEgU+7zWP7OPM9Io8Y+oWl
cPnwAuCfCP3Z2Rla1uCsHhY9MzQWTZdKptqYsAn5YoP46Uy9+nQPoWNZuC2X9rKO
2OsSxE5paSOnoGVX0dUgVp/8nr5lAG2EvSRq1M3PEZz9m65Amd7rCbgSW2zgib8u
tHB9V+4+bdD7Bi3kBsPE7b1D6dsl7IMRqps7ncGX/RxN5eSQ84Tut/CVnRu45k34
KxzPXmdt7QxKwBOuLvkam5X9S7bilJuRXm0e9OFwnYBKG70p+y/oq7+/ZW5Ag+W/
DG3SK5WmceElxSfOF5IC4IhlFR05q6pKocxn+D5AzAfrGj3fWlv261Q/+UaPJ8UQ
97oHOXB7KQHJIFXZ3gFupDm1/tA55QrzJIQqjrdhRGyTwGonFw/O29e2ua8au0cJ
ElopT/P+VADRpf2vVGiT4L/ewZOctUIlFtLR7gpxmG9X6+xTQQHt3efU6qTs/uGe
VxGWuATxCAplEheBDFY5vdf+n24lqjX9Cn9Veo/HUpIhGmzMMMO9DNVsPi49qSO/
5N4vbz/6tuNs06eCcn10+MtpUXE=
=dFHp
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com