Cisco Application Policy Infrastructure Controller and Virtual Network Function Element Manager

Cisco released updates to address multiple vulnerabilities in its Application Policy Infrastructure Controller and Virtual Network Function Element Manager products. Successful exploitation of the most severe vulnerability could allow a remote threat actor to execute arbitrary code and escalate privileges. The NJCCIC recommends all users and administrators of the affected products review the Cisco Security Advisories below and apply the necessary updates.

Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability (cisco-sa-20170816-apic1)

Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability (cisco-sa-20170816-apic2)

Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability (cisco-sa-20170816-em)