CVE-2015-4235 — Vulnetix

CVE-2015-4235 PUBLISHED CVSS 9 CRITICAL

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991.

EPSS 0.72% · 72.8th percentile

Risk Scores

CVSS 2.0

EPSS Score

0.72%

72.8th percentile

Affected Products

Vendor	Product	Versions
cisco	application_policy_infrastructure_controller_\(apic\)	*
n/a	n/a	n/a
cisco	nx-os	11.0\(1d\), 11.0\(1e\), 11.0\(2m\)

Exploit Intelligence

20150722 Cisco Application Policy Infrastructure Controller Access Control Vulnerability (circl)
1033025 (circl)

Timeline

Jul 22, 2015 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 16, 2023 EPSS Score

References

20150722 Cisco Application Policy Infrastructure Controller Access Control Vulnerability vendor-advisory
1033025 vdb
https://nvd.nist.gov/vuln/detail/CVE-2015-4235 advisory

Open in Interactive Console →