Cisco APIC-EM API management notification Spoofing Vulnerability (CVE-2016-1386)
Release date:
Updated on:
Affected Systems:
Cisco Application Policy Infrastructure Controller Enterprise Module 1.0 (1)
Description:
CVE (CAN) ID: CVE-2016-1386
Cisco APIC-EM is a software-defined networking controller for enterprise networks.
In Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 (1), the protection of API functions is ineffective. By sending modified attribute-value pairs to an affected system, an unauthenticated remote attacker can create fake administrator system notifications.
<* Source: Cisco
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a security advisory (cisco-sa-20160428-apic) and patches for this issue:
cisco-sa-20160428-apic: Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic