What is CVE-2016-6413?

CVE-2016-6413 is a high-severity vulnerability in Cisco Application_policy_infrastructure_controller, classified under CWE-264. CVSS score: 7.8/10. Published 2016-09-24.

How severe is CVE-2016-6413?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Cisco Application_policy_infrastructure_controller

CVE-2016-6413

The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496.

EPSS: 0.001 (23.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Application_policy_infrastructure_controller — versions 1.3\(2f\)
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

20160921 Cisco Application Policy Infrastructure Controller Binary Privilege Escalation Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1036872 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2016-6413?: CVE-2016-6413 is a high-severity vulnerability in Cisco Application_policy_infrastructure_controller, classified under CWE-264. CVSS score: 7.8/10. Published 2016-09-24.
How severe is CVE-2016-6413?: High severity. CVSS v3 base score is 7.8 out of 10.