Boletines de Vulnerabilidades

Cisco Application Policy Infrastructure Controller Privilege Escalation SSH Key Vulnerability

Información sobre el sistema
   
Software afectado Cisco

Descripción
A vulnerability in SSH key handling for user accounts in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to elevate privileges.The vulnerability is due to improper validation of SSH keys local users add their accounts. An attacker could exploit this vulnerability by authenticating to the device and adding an SSH key to the attackers local account. An exploit could allow the attacker to elevate privileges on the local shell and perform

More info:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-apic?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Application%20Policy%20Infrastructure%20Controller%20Privilege%20Esca

Identificadores estándar
Propiedad Valor
CVE CVE-2015-6333.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2015-10-13

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT