Privilege escalation in Cisco Application Policy Infrastructure Controller - CVE-2016-6413

 

Published: September 22, 2016 / Updated: April 5, 2018


Vulnerability identifier: #VU631
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6413
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Application Policy Infrastructure Controller

Detailed vulnerability description

The vulnerability allows a local user to gain root-level privileges on the target system.

The vulnerability exists due to an improper installation procedure and permission settings. A malicious user can use this weakness to escalate privileges.

Successful exploitation of this vulnerability allows a local attacker to obtain root privileges on the vulnerable system.


How to mitigate CVE-2016-6413

Install the update from the vendor's website.

Sources