9

CVE-2016-1302

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.

Data is provided by the National Vulnerability Database (NVD)
SamsungX14j Firmware Versiont-ms14jakucb-1102.5
SunOpensolaris Versionsnv_124 Editionsparc
ZyxelGs1900-10hp Firmware Version < 2.50\(aazi.0\)c0
ZzincKeymouse Firmware Version3.08 SwPlatformwindows
CiscoNx-os Versionbase
   CiscoNexus 92160yc-x Version-
   CiscoNexus 92304qc Version-
   CiscoNexus 9236c Version-
   CiscoNexus 9272q Version-
   CiscoNexus 93108tc-ex Version-
   CiscoNexus 93120tx Version-
   CiscoNexus 93128tx Version-
   CiscoNexus 93180yc-ex Version-
   CiscoNexus 9332pq Version-
   CiscoNexus 9336pq Aci Spine Version-
   CiscoNexus 9372px Version-
   CiscoNexus 9372tx Version-
   CiscoNexus 9396px Version-
   CiscoNexus 9396tx Version-
   CiscoNexus 9504 Version-
   CiscoNexus 9508 Version-
   CiscoNexus 9516 Version-
SunOpensolaris Versionsnv_124 Editionsparc
   CiscoNexus 92160yc-x Version-
   CiscoNexus 92304qc Version-
   CiscoNexus 9236c Version-
   CiscoNexus 9272q Version-
   CiscoNexus 93108tc-ex Version-
   CiscoNexus 93120tx Version-
   CiscoNexus 93128tx Version-
   CiscoNexus 93180yc-ex Version-
   CiscoNexus 9332pq Version-
   CiscoNexus 9336pq Aci Spine Version-
   CiscoNexus 9372px Version-
   CiscoNexus 9372tx Version-
   CiscoNexus 9396px Version-
   CiscoNexus 9396tx Version-
   CiscoNexus 9504 Version-
   CiscoNexus 9508 Version-
   CiscoNexus 9516 Version-
ZyxelGs1900-10hp Firmware Version < 2.50\(aazi.0\)c0
   CiscoNexus 92160yc-x Version-
   CiscoNexus 92304qc Version-
   CiscoNexus 9236c Version-
   CiscoNexus 9272q Version-
   CiscoNexus 93108tc-ex Version-
   CiscoNexus 93120tx Version-
   CiscoNexus 93128tx Version-
   CiscoNexus 93180yc-ex Version-
   CiscoNexus 9332pq Version-
   CiscoNexus 9336pq Aci Spine Version-
   CiscoNexus 9372px Version-
   CiscoNexus 9372tx Version-
   CiscoNexus 9396px Version-
   CiscoNexus 9396tx Version-
   CiscoNexus 9504 Version-
   CiscoNexus 9508 Version-
   CiscoNexus 9516 Version-
ZzincKeymouse Firmware Version3.08 SwPlatformwindows
   CiscoNexus 92160yc-x Version-
   CiscoNexus 92304qc Version-
   CiscoNexus 9236c Version-
   CiscoNexus 9272q Version-
   CiscoNexus 93108tc-ex Version-
   CiscoNexus 93120tx Version-
   CiscoNexus 93128tx Version-
   CiscoNexus 93180yc-ex Version-
   CiscoNexus 9332pq Version-
   CiscoNexus 9336pq Aci Spine Version-
   CiscoNexus 9372px Version-
   CiscoNexus 9372tx Version-
   CiscoNexus 9396px Version-
   CiscoNexus 9396tx Version-
   CiscoNexus 9504 Version-
   CiscoNexus 9508 Version-
   CiscoNexus 9516 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.23% 0.451
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.