VYPR
High severity 7.5 · NVD Advisory · Published Apr 28, 2016 · Updated May 6, 2026

CVE-2016-1386

Description

An API flaw in Cisco APIC-EM 1.0(1) allows unauthenticated attackers to spoof admin notifications, potentially tricking administrators into performing malicious actions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The vulnerability resides in the API of Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.0(1). It allows remote attackers to spoof administrative notifications by sending crafted attribute-value pairs. The issue is due to insufficient protection of API functions [1].

Exploitation

An unauthenticated attacker with network access to the affected system can exploit this vulnerability by sending modified attribute-value pairs to the API. No special privileges or user interaction is required beyond the attacker's ability to reach the API endpoint [1].

Impact

Successful exploitation enables the attacker to create false system notifications that appear legitimate to administrators. This could trick an administrative user into performing a malicious task on behalf of the attacker, potentially leading to unauthorized actions or compromise of the system [1].

Mitigation

Cisco has released software updates to address this vulnerability. No workarounds are available. Affected users should upgrade to a fixed version as provided by Cisco [1].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
