
====================================================================

                                CERT-Renater

                     Information Note No. 2016/VULN298
_____________________________________________________________________

DATE                : 17/08/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco Application Policy Infrastructure Controller
                        Enterprise Module software.

=====================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic
____________________________________________________________________

Cisco Security Advisory: Cisco Application Policy Infrastructure
Controller Enterprise Module Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160817-apic

Revision 1.0

Published: 2016 August 17 16:00 GMT
+---------------------------------------------------------------------

Summary
=======

A vulnerability in the Grapevine update process of the Cisco
Application Policy Infrastructure Controller Enterprise Module
(APIC-EM) could allow an authenticated, remote attacker to execute
arbitrary commands on the underlying operating system with the
privileges of the root user.

The vulnerability is due to insufficient input sanitization during the
Grapevine update process. An attacker could exploit this vulnerability
by authenticating to the affected system with administrative privileges
and inserting arbitrary commands into an upgrade parameter. An exploit
could allow the attacker to execute arbitrary commands on the affected
system with root-level privileges.
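
The flaw class described above, shown as an added example: this is not
Cisco's code and not part of the advisory. The updater path, the --version
flag and the version format are hypothetical; the hostile value is
constructed sample input.

```python
import re
import shlex

# Assumptions (not from the advisory): the updater path, the --version flag
# and the dotted-number version format are hypothetical placeholders.
UPDATER = "/opt/example/bin/updater"
VERSION_RE = re.compile(r"[0-9]+(\.[0-9]+){1,3}")

# Constructed sample input: a version string with a trailing shell command.
HOSTILE = "1.2.0; echo INJECTED"


def build_command_unsafe(version):
    """Vulnerable pattern: the parameter is pasted into a shell command line."""
    return f"{UPDATER} --version {version}"


def shell_operators(cmdline):
    """List the control operators (; | & ...) a POSIX shell would see.

    Diagnostic only: it does not catch backticks or variable expansion,
    which is why a denylist of characters is not the fix.
    """
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and all(c in "();<>|&" for c in tok)]


def build_argv_safe(version):
    """Hardened pattern: allowlist the value, then pass it as one argv item."""
    if not VERSION_RE.fullmatch(version):
        raise ValueError(f"rejected upgrade parameter: {version!r}")
    # Intended for subprocess.run(argv, shell=False): no shell parses the value.
    return [UPDATER, "--version", version]


if __name__ == "__main__":
    print(shell_operators(build_command_unsafe(HOSTILE)))
    print(build_argv_safe("1.2.0"))
    try:
        build_argv_safe(HOSTILE)
    except ValueError as exc:
        print(exc)
```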
		
Cisco has released software updates that address this vulnerability.
Workarounds that address this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================




