CVE-2016-1420
First published: Fri Jun 10 2016(Updated: )
The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Application Policy Infrastructure Controller | ||
| Cisco Application Policy Infrastructure Controller | =1.0\(1e\) | |
| Cisco Application Policy Infrastructure Controller | =1.0\(1h\) | |
| Cisco Application Policy Infrastructure Controller | =1.0\(1k\) | |
| Cisco Application Policy Infrastructure Controller | =1.0\(1n\) | |
| Cisco Application Policy Infrastructure Controller | =1.0\(2j\) | |
| Cisco Application Policy Infrastructure Controller | =1.0\(2m\) | |
| Cisco Application Policy Infrastructure Controller | =1.0\(3f\) | |
| Cisco Application Policy Infrastructure Controller | =1.0\(3i\) | |
| Cisco Application Policy Infrastructure Controller | =1.0\(3k\) | |
| Cisco Application Policy Infrastructure Controller | =1.0\(3n\) | |
| Cisco Application Policy Infrastructure Controller | =1.0\(4h\) | |
| Cisco Application Policy Infrastructure Controller | =1.0\(4o\) | |
| Cisco Application Policy Infrastructure Controller | =1.1\(0.920a\) | |
| Cisco Application Policy Infrastructure Controller | =1.1\(1j\) | |
| Cisco Application Policy Infrastructure Controller | =1.1\(3f\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1420?
CVE-2016-1420 has a critical severity rating due to its potential for local users to gain root access.
How do I fix CVE-2016-1420?
To fix CVE-2016-1420, upgrade the Cisco Application Policy Infrastructure Controller software to version 1.3(2f) or later.
Which devices are affected by CVE-2016-1420?
CVE-2016-1420 affects Cisco Application Policy Infrastructure Controller devices with software versions prior to 1.3(2f).
What type of access does CVE-2016-1420 provide to attackers?
CVE-2016-1420 allows local users to obtain root access on affected Cisco Application Policy Infrastructure Controller devices.
When was CVE-2016-1420 disclosed?
CVE-2016-1420 was disclosed on June 9, 2016.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco application policy infrastructure controller
- version/cisco application policy infrastructure controller/1.0\(1e\)
- version/cisco application policy infrastructure controller/1.0\(1h\)
- version/cisco application policy infrastructure controller/1.0\(1k\)
- version/cisco application policy infrastructure controller/1.0\(1n\)
- version/cisco application policy infrastructure controller/1.0\(2j\)
- version/cisco application policy infrastructure controller/1.0\(2m\)
- version/cisco application policy infrastructure controller/1.0\(3f\)
- version/cisco application policy infrastructure controller/1.0\(3i\)
- version/cisco application policy infrastructure controller/1.0\(3k\)
- version/cisco application policy infrastructure controller/1.0\(3n\)
- version/cisco application policy infrastructure controller/1.0\(4h\)
- version/cisco application policy infrastructure controller/1.0\(4o\)
- version/cisco application policy infrastructure controller/1.1\(0.920a\)
- version/cisco application policy infrastructure controller/1.1\(1j\)
- version/cisco application policy infrastructure controller/1.1\(3f\)