CVE-2017-12262

CVE Database · CVE-2017-12262

CVE-2017-12262

· N/AModified

CVSS v3.1

N/A

EPSS

0.78%

Published

Nov 2, 2017

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is due to an incorrect firewall rule on the device. The misconfiguration could allow traffic sent to the public interface of the device to be forwarded to the internal virtual network of the APIC-EM. An attacker that is logically adjacent to the network on which the public interface of the affected APIC-EM resides could leverage this behavior to gain access to services listening on the internal network with elevated privileges. This vulnerability affects appliances or virtual devices running Cisco Application Policy Infrastructure Controller Enterprise Module prior to version 1.5. Cisco Bug IDs: CSCve89638.

Weaknesses (CWE)

CWE-284CWE-665

Affected Products (1)

cisco · application_policy_infrastructure_controller_enterprise_module (up to 1.5)vulnerable

References (6)

http://www.securityfocus.com/bid/101647

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039716

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem

Vendor Advisory

http://www.securityfocus.com/bid/101647

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039716

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem

KEV Catalog EPSS Scores Vendors All CVEs