{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-06-09T00:00:00", "descriptions": [{"lang": "en", "value": "The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-06-10T01:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20160609 Cisco Application Policy Infrastructure Controller Binary Files Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1420", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20160609 Cisco Application Policy Infrastructure Controller Binary Files Privilege Escalation Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:55:14.344Z"}, "title": "CVE Program Container", "references": [{"name": "20160609 Cisco Application Policy Infrastructure Controller Binary Files Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1420", "datePublished": "2016-06-10T01:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.344Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:application_infrastructure_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "E660D79C-0273-48AB-A8D9-CE9E5B29E9D8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(1e\\):*:*:*:*:*:*:*", "matchCriteriaId": "139B6124-85F6-42E8-971A-DB856EF5AAC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(1h\\):*:*:*:*:*:*:*", "matchCriteriaId": "FA151405-52B1-4083-93B2-3F5226103DF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(1k\\):*:*:*:*:*:*:*", "matchCriteriaId": "F35AC2E8-3A51-4EC8-AE12-DC5487DEE407", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(1n\\):*:*:*:*:*:*:*", "matchCriteriaId": "01DAF940-D3C7-4D17-8C82-C21186825FBE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(2j\\):*:*:*:*:*:*:*", "matchCriteriaId": "5D63750F-DD3C-4A17-88FB-E4D3E2DB4605", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(2m\\):*:*:*:*:*:*:*", "matchCriteriaId": "897EBF17-1CFB-4987-9924-212286BC2C65", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(3f\\):*:*:*:*:*:*:*", "matchCriteriaId": "A5003326-DB6A-4E26-AE5E-8330BFED8BFA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(3i\\):*:*:*:*:*:*:*", "matchCriteriaId": "5E955E14-4343-41CC-BF40-4C72509CA960", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(3k\\):*:*:*:*:*:*:*", "matchCriteriaId": "3750DA86-C98F-4893-8E55-A1315FD9A58A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(3n\\):*:*:*:*:*:*:*", "matchCriteriaId": "540F030A-51DB-4406-A96A-0D355ECA38BD", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(4h\\):*:*:*:*:*:*:*", "matchCriteriaId": "82636FE9-5B70-43DB-B6DE-1CAB249D3F3C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\\(4o\\):*:*:*:*:*:*:*", "matchCriteriaId": "AC741864-308B-4F54-9D48-84125DA0EEB3", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.1\\(0.920a\\):*:*:*:*:*:*:*", "matchCriteriaId": "4DFCFD66-3A42-46A3-B8F4-BBEE722092BA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.1\\(1j\\):*:*:*:*:*:*:*", "matchCriteriaId": "0860BE70-2F40-42BF-90E7-BE8D80C207AE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.1\\(3f\\):*:*:*:*:*:*:*", "matchCriteriaId": "03DD4841-B371-48E3-BD1F-67A60644E6B1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347."}, {"lang": "es", "value": "El componente de instalaci\u00f3n en dispositivos Cisco Application Policy Infrastructure Controller (APIC) con software en versiones anteriores a 1.3(2f) no maneja correctamente archivos binarios, lo que permite a usuarios locales obtener acceso root a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCuz72347."}], "id": "CVE-2016-1420", "lastModified": "2016-06-10T21:31:34.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-10T01:59:05.037", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}