====================================================================

                              CERT-Renater

                 Note d'Information No. 2017/VULN327
_____________________________________________________________________

DATE                : 02/11/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco Application Policy Infrastructure Controller
                        Enterprise Module versions prior to 1.5.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem
____________________________________________________________________

Cisco Security Advisory: Cisco Application Policy Infrastructure
Controller Enterprise Module Unauthorized Access Vulnerability

Advisory ID: cisco-sa-20171101-apicem

Revision: 1.0

For Public Release: 2017 November 1 16:00 GMT

Last Updated: 2017 November 1 16:00 GMT

CVE ID(s): CVE-2017-12262

CVSS Score v(3): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability within the firewall configuration of the Cisco
Application Policy Infrastructure Controller Enterprise Module (APIC-EM)
could allow an unauthenticated, adjacent attacker to gain privileged
access to services only available on the internal network of the device.

The vulnerability is due to an incorrect firewall rule on the device.
The misconfiguration could allow traffic sent to the public interface of
the device to be forwarded to the internal virtual network of the
APIC-EM. An attacker that is logically adjacent to the network on which
the public interface of the affected APIC-EM resides could leverage this
behavior to gain access to services listening on the internal network
with elevated privileges.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem"]
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================