Cisco APIC-EM 1.x < 1.5 Unauthorized Access (credentialed check)
High Nessus Plugin ID 104479
SynopsisA network management system running on the remote host is affected by an unauthorized access vulnerability.
DescriptionAccording to its self-reported version number, the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) application running on the remote host is 1.x prior to 1.5. It is, therefore, affected by a vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) that could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device.
SolutionUpgrade to version 1.5 as referenced in Cisco Security Advisory cisco-sa-20171101-apicem.