The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via vectors, aka Bug ID CSCuz72347.
A vulnerability in the installation procedure for Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges.
The vulnerability is due to the use of incorrect installation and permissions settings for binary files during installation of the system software on a device. An attacker could exploit this vulnerability by logging in to the device and escalating their privileges. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.