CVE-2016-1302
First published: Sun Feb 07 2016(Updated: )
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung X14J eu | =t-ms14jakucb-1102.5 | |
| Oracle Solaris and Zettabyte File System (ZFS) | =snv_124 | |
| Zyxel GS1900-10HP firmware | <2.50\(aazi.0\)c0 | |
| zzinc KeyMouse | =3.08 | |
| Cisco Nexus 92160YC Switch | ||
| Cisco Nexus 92304QC Firmware | ||
| Cisco Nexus 9236C | ||
| Cisco Nexus 9272Q Switch | ||
| Cisco Nexus | ||
| Cisco Nexus 93120TX Firmware | ||
| Cisco Nexus 93128TX | ||
| Cisco Nexus 93180YC-EX-24 | ||
| Cisco Nexus 9332PQ Firmware | ||
| Cisco Nexus N9336PQ-X | ||
| Cisco Nexus 9372PX-E | ||
| Cisco Nexus 9372TX Firmware | ||
| Cisco Nexus 9396PX Firmware | ||
| Cisco Nexus 9396TX Firmware | ||
| Cisco Nexus 9504 Firmware | ||
| Cisco Nexus 9508 | ||
| Cisco Nexus 9516 firmware | ||
| Cisco NX-OS | =base |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1302?
CVE-2016-1302 is rated as a high severity vulnerability which allows remote authenticated users to bypass intended RBAC restrictions.
How do I fix CVE-2016-1302?
To fix CVE-2016-1302, update the software on Cisco Application Policy Infrastructure Controller (APIC) devices to version 1.0(3h) or 1.1(1j) and Nexus 9000 ACI Mode switches to 11.0(3h) or 11.1(1j).
What systems are affected by CVE-2016-1302?
CVE-2016-1302 affects Cisco Application Policy Infrastructure Controller devices and Nexus 9000 ACI Mode switches with specific software versions prior to the updates.
Can CVE-2016-1302 be exploited remotely?
Yes, CVE-2016-1302 can be exploited by remote authenticated users through specially crafted REST requests.
Is there a workaround for CVE-2016-1302?
There are no specific workarounds documented for CVE-2016-1302; it is recommended to apply the necessary software updates.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/samsung
- canonical/samsung x14j eu
- version/samsung x14j eu/t-ms14jakucb-1102.5
- vendor/sun
- canonical/oracle solaris and zettabyte file system (zfs)
- version/oracle solaris and zettabyte file system (zfs)/snv_124
- vendor/zyxel
- canonical/zyxel gs1900-10hp firmware
- vendor/zzinc
- canonical/zzinc keymouse
- version/zzinc keymouse/3.08
- vendor/cisco
- canonical/cisco nexus 92160yc switch
- canonical/cisco nexus 92304qc firmware
- canonical/cisco nexus 9236c
- canonical/cisco nexus 9272q switch
- canonical/cisco nexus
- canonical/cisco nexus 93120tx firmware
- canonical/cisco nexus 93128tx
- canonical/cisco nexus 93180yc-ex-24
- canonical/cisco nexus 9332pq firmware
- canonical/cisco nexus n9336pq-x
- canonical/cisco nexus 9372px-e
- canonical/cisco nexus 9372tx firmware
- canonical/cisco nexus 9396px firmware
- canonical/cisco nexus 9396tx firmware
- canonical/cisco nexus 9504 firmware
- canonical/cisco nexus 9508
- canonical/cisco nexus 9516 firmware
- canonical/cisco nx-os
- version/cisco nx-os/base