CVE-2016-1365 (application_policy_infrastructure_controller_enterprise_module)
The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507.
Source: CVE-2016-1365 (application_policy_infrastructure_controller_enterprise_module)