Cisco Application Policy Infrastructure Controller Privilege Escalation SSH Key Vulnerability

A vulnerability in SSH key handling for user accounts in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to elevate privileges.

The vulnerability is due to improper validation of SSH keys local users add their accounts. An attacker could exploit this vulnerability by authenticating to the device and adding an SSH key to the attacker’s local account. An exploit could allow the attacker to elevate privileges on the local shell and perform unauthorized actions.

Software updates are not available.

Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-apic[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-apic”]