Cisco Application Policy Infrastructure Controller Insecure Credentials Vulnerability

A vulnerability in the boot process of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to access the APIC as the root user.

The vulnerability is due to improper implementation of access controls in the APIC system. An attacker could exploit this vulnerability by accessing the boot manager of the APIC. An exploit could allow the attacker to access the APIC as the root user and perform root-level commands in single-user mode.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151216-apic[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151216-apic”]