-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability
Advisory ID: cisco-sa-20160817-apic Revision 1.0 Published: 2016 August 17 16:00 GMT +--------------------------------------------------------------------- Summary ======= A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient input sanitization during the Grapevine update process. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands into an upgrade parameter. An exploit could allow the attacker to execute arbitrary commands on the affected system with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJXtHUBAAoJEK89gD3EAJB5R/gQAJNpnrqzsRS2HQzw6wq/e3wk 9AQHGBahR/l9C9tN5h+lsGVNOQ+o4KQLZpGe9qi6GDyy9WwHfCa95DgQ5fIfrLlk OUzgEpCnJ87PdLY6kBxK/y6doSY7Nwa8ilyegbTnFCurqYUOB6pYSR8+cabq4V5h GSdLBaBQlpJ0w/Ic7Q1fkOk64AgZvs4p6swuyOgvr9+NDBM3cRcaY64xWhSuM6EM Sxh0aqYiG0dvrn1ulWFLh39mL0DWWo1krxbWv1Kag5F2Jtfnhnrur4Vt8ROF8uYj igwrRd0k1cEbKJplzRpEIUMro4j0I1c0SbVtcs6+frovplcXB1mmt8bEPjwrlbZ/ gfLWSArj9E77SDYFSgWcEknNFoyOWZ/tmMJuRuK/JV8072SpLe1nSI3/ZX4qLT2+ reixn7kI91MWLRdOcUf2x4uj8P1cOTipItTw9WUNyIowTN3L5LDARUnCGG7J+/mc vzp4LKHG2nDeG1iA7bZx7wLuehkeRs4WPKtlAs4F7jNm1WRJNyQ+GP9Ik6dfcDbK 1Z8fLTlNzbE3GH4hBbWliZq2/dVUkwPPPI0t1aVhdkKKjqwrASlaWR/XVaf5uEuv rR4VYUXa0cRKi4wcVFLqyLoEnVD0pJGBGB87XGXhQ2lFlBJ9u9Gv57+nCCqP1egJ aBvnymLDgKAGUDyPrULa =S8Uw -----END PGP SIGNATURE-----