Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability (CVE-2017-6767)

A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges.

思科应用策略基础设施控制器（APIC）中存在一个漏洞，该漏洞可能使经过身份验证的远程攻击者获得超出其账户分配的更高权限。攻击者将被赋予最后登录用户的权限，无论这些权限是否高于或低于应授予的权限。攻击者无法获得根级权限。