CVE-2017-6768 - OpenCVE

Vendors	Products
Cisco	Application Policy Infrastructure Controller

Link	Providers
http://www.securityfocus.com/bid/100363
http://www.securitytracker.com/id/1039179
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2

{"containers": {"cna": {"affected": [{"product": "Application Policy Infrastructure Controller (APIC)", "vendor": "Cisco Systems, Inc.", "versions": [{"status": "affected", "version": "1.1(0.920a), 1.1(1j), 1.1(3f)"}, {"status": "affected", "version": "1.2 Base, 1.2(2), 1.2(3), 1.2.2"}, {"status": "affected", "version": "1.3(1), 1.3(2), 1.3(2f)"}, {"status": "affected", "version": "2.0 Base, 2.0(1)"}]}], "datePublic": "2017-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1)."}], "problemTypes": [{"descriptions": [{"description": "Privilege Escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-18T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "100363", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100363"}, {"name": "1039179", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039179"}, {"name": "20170816 Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2017-08-16T00:00:00", "ID": "CVE-2017-6768", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Application Policy Infrastructure Controller (APIC)", "version": {"version_data": [{"version_value": "1.1(0.920a), 1.1(1j), 1.1(3f)"}, {"version_value": "1.2 Base, 1.2(2), 1.2(3), 1.2.2"}, {"version_value": "1.3(1), 1.3(2), 1.3(2f)"}, {"version_value": "2.0 Base, 2.0(1)"}]}}]}, "vendor_name": "Cisco Systems, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege Escalation"}]}]}, "references": {"reference_data": [{"name": "100363", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100363"}, {"name": "1039179", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039179"}, {"name": "20170816 Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:41:17.110Z"}, "title": "CVE Program Container", "references": [{"name": "100363", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100363"}, {"name": "1039179", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039179"}, {"name": "20170816 Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6768", "datePublished": "2017-08-17T20:00:00Z", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2024-09-17T01:41:54.517Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(0.920a\\):*:*:*:*:*:*:*", "matchCriteriaId": "BEB53938-6806-4B04-B7FF-26E33CE6DEDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1j\\):*:*:*:*:*:*:*", "matchCriteriaId": "FFF54ABE-3471-4FC5-A1C3-80FF87DDF974", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(3f\\):*:*:*:*:*:*:*", "matchCriteriaId": "C11FB6E8-A139-40F7-A771-389BA5206AEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "633D2528-7FC4-448C-AEF4-5849B172CE11", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "2585A246-7C8F-4755-9DB9-E9A668901B7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DDB99045-1F1E-47E4-927F-D5BFE604A600", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2_base:*:*:*:*:*:*:*", "matchCriteriaId": "F2DC0E10-92EE-4333-BD79-97A67F1391B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "789A655E-4670-421D-98EA-B80F4EF35191", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "CCB2662B-7AD7-486D-B492-3ED74723A88D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2f\\):*:*:*:*:*:*:*", "matchCriteriaId": "DEF694D0-E231-454D-B7EB-BBBDE205C836", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "05098742-7099-424F-8490-300508F0459F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0_base:*:*:*:*:*:*:*", "matchCriteriaId": "7FDD546D-F662-41D4-B67C-4FBF919C7DE0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1)."}, {"lang": "es", "value": "Una vulnerabilidad en el procedimiento de construcci\u00f3n para ciertos archivos del sistema ejecutables instalados en el tiempo de arranque en dispositivos Cisco Application Policy Infrastructure Controller (APIC) podr\u00eda permitir que un atacante local autenticado obtuviese privilegios de nivel root. Esta vulnerabilidad se debe a un archivo del sistema ejecutable personalizado que ha sido construido para usar rutas de b\u00fasqueda relativas para librer\u00edas sin validar correctamente la librer\u00eda que se va a cargar. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose en el dispositivo y cargando una librer\u00eda maliciosa que puede escalar el nivel de privilegios. Un exploit exitoso podr\u00eda permitir que el atacante obtenga privilegios de nivel root y obtenga el control total del dispositivo. El atacante debe tener credenciales de usuario v\u00e1lidas para poder iniciar sesi\u00f3n en el dispositivo. Cisco Bug IDs: CSCvc96087. Versiones afectadas conocidas: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1)."}], "id": "CVE-2017-6768", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-17T20:29:00.433", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100363"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039179"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object