Cisco ACI の脆弱性情報(CSCvc34335 / CSCvc96087)
Cisco ACI に関して、8/16 付けで 2 件の脆弱性情報が公開されていました。
Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability¶
- CSCvc34335 - Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability
- Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability
Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability¶
- CSCvc96087 - Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability
- Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability
修正されたリリース¶
どちらの脆弱性も 2.2 系なら以下のリリースで修正されているそうです。
| Cisco Application Policy Infrastructure Controller | First Fixed Release for This Vulnerability | Recommended Release for This Vulnerability and All Vulnerabilities Described in the Collection of Advisories |
|---|---|---|
| Prior to 2.0 | Vulnerable; migrate to 2.2(2e) | 2.2(2e) |
| 2.0 | Vulnerable; migrate to 2.2(2e) | 2.2(2e) |
| 2.1 | Vulnerable; migrate to 2.2(2e) | 2.2(2e) |
| 2.2 | 2.2(2e) | 2.2(2e) |
| 2.3 | 2.3(1f) | 2.3(1f) |
| 3.0 (future release) | Not Vulnerable | Not Vulnerable |