34 matches found
CVE-2023-20230
CVE-2023-20230 affects Cisco Application Policy Infrastructure Controller (APIC). The issue arises from improper access control in the restricted security domain implementation used to enforce multi-tenancy, allowing an authenticated, remote attacker with a restricted-domain account to read, modi...
CVE-2023-20011
Cisco reports a CSRF/XSRF vulnerability in the web-based management interfaces of the Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller. The issue stems from insufficient CSRF protections, enabling an unauthenticated, remote attacker to coerce a user to perfor...
CVE-2020-3139
Cisco APIC exposes a vulnerability in the OOB management IP tables where a programming logic error in specific IP-table entries causes certain IP ports to be permitted when they should be dropped. An unauthenticated, remote attacker can send traffic to the OOB interface to bypass configured deny ...
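A logic error in an IP-table rule set of the kind described for CVE-2020-3139 is found by comparing what the rules actually permit on the management interface against what is intended to be reachable. The script below is an added example, not Cisco's code or tooling: it parses `iptables-save` output and reports ACCEPT rules on a named interface that fall outside an allowlist. The rule dump, the interface name `oobmgmt` and the allowlist (SSH and HTTPS only) are constructed for illustration.

```python
"""Audit an iptables-save dump for ACCEPT rules on a management interface that
expose ports outside an intended allowlist (the permit-when-it-should-drop
class of mistake).

Added example: the rules, the interface name "oobmgmt" and the allowlist are
constructed for illustration and are not taken from Cisco's advisory."""
from __future__ import annotations

import re
import shlex
from dataclasses import dataclass

# Constructed iptables-save output; not a real APIC rule set.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i oobmgmt -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i oobmgmt -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i oobmgmt -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i oobmgmt -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -i oobmgmt -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -i oobmgmt -p tcp -m tcp --dport 8080 -j DROP
-A INPUT -i bond0 -p tcp -m tcp --dport 179 -j ACCEPT
COMMIT
"""

# Assumed intended allowlist for the OOB interface: SSH and HTTPS only.
ALLOWED_PORTS = frozenset({("tcp", 22), ("tcp", 443)})

POLICY_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[")


@dataclass(frozen=True)
class Rule:
    chain: str
    target: str
    iface: str | None = None
    proto: str | None = None
    dport: int | str | None = None   # int for a single port, str for a range
    states: frozenset[str] = frozenset()


def parse_rule(line: str) -> Rule | None:
    """Parse one '-A CHAIN ... -j TARGET' line; any other line returns None."""
    toks = shlex.split(line)
    if len(toks) < 4 or toks[0] != "-A":
        return None
    chain, target = toks[1], None
    iface = proto = None
    dport: int | str | None = None
    states: set[str] = set()
    i = 2
    while i < len(toks):
        tok = toks[i]
        nxt = toks[i + 1] if i + 1 < len(toks) else None
        if tok == "-i":
            iface = nxt
        elif tok == "-p":
            proto = nxt
        elif tok in ("--dport", "--destination-port") and nxt is not None:
            dport = int(nxt) if nxt.isdigit() else nxt
        elif tok in ("--state", "--ctstate") and nxt is not None:
            states.update(nxt.split(","))
        elif tok == "-j":
            target = nxt
        else:
            i += 1          # option we do not track (e.g. -m tcp)
            continue
        i += 2
    if target is None:
        return None
    return Rule(chain, target, iface, proto, dport, frozenset(states))


def default_policies(rules_text: str) -> dict[str, str]:
    """Chain -> default policy, so deny-by-default can be asserted separately."""
    return {m.group(1): m.group(2)
            for m in map(POLICY_RE.match, rules_text.splitlines()) if m}


def unexpected_accepts(rules_text: str, iface: str,
                       allowed: frozenset[tuple[str, int]]) -> list[tuple[Rule, str]]:
    """(rule, reason) for every ACCEPT rule on `iface` not covered by `allowed`."""
    findings: list[tuple[Rule, str]] = []
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule is None or rule.target != "ACCEPT" or rule.iface != iface:
            continue
        # Reply traffic for flows already admitted is expected; skip conntrack
        # rules that match only RELATED/ESTABLISHED and never NEW.
        if rule.states and "NEW" not in rule.states:
            continue
        if rule.dport is None:
            findings.append((rule, f"accepts every port for protocol {rule.proto or 'any'}"))
        elif (rule.proto, rule.dport) not in allowed:
            findings.append((rule, f"{rule.proto}/{rule.dport} is not in the allowlist"))
    return findings


if __name__ == "__main__":
    for chain, policy in default_policies(SAMPLE_RULES).items():
        print(f"policy {chain}: {policy}")
    for rule, reason in unexpected_accepts(SAMPLE_RULES, "oobmgmt", ALLOWED_PORTS):
        print(f"{rule.chain} on {rule.iface}: {reason}")
```

On the sample above the audit flags tcp/8443 and udp/161 and ignores the DROP rule, the conntrack rule and the rule on the other interface. Run it against a real dump (`iptables-save` as root) with the interface and allowlist replaced by the values documented for the device.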
CVE-2024-20478
Cisco APIC and Cisco Cloud Network Controller (formerly Cloud APIC) are affected by a vulnerability in the software upgrade component where insufficient signature validation of upgrade images could allow an authenticated administrator to install a modified image and achieve arbitrary code executi...
CVE-2025-20116
Cisco APIC’s web UI stores user-supplied input without proper validation, enabling an authenticated, remote attacker with valid admin credentials to perform a stored XSS on affected systems. The impact described includes execution of arbitrary script code in the web UI context and access to brows...
CVE-2021-1577
CVE-2021-1577 affects Cisco Application Policy Infrastructure Controller (APIC) and Cloud APIC. The issue is an improper access control in an API endpoint that could let an unauthenticated, remote attacker upload a file to the device, enabling reading or writing of arbitrary files. Severity is re...
CVE-2021-1388
CVE-2021-1388 describes an authentication bypass in Cisco ACI Multi-Site Orchestrator (MSO) when deployed on the Application Services Engine. The root cause is improper token validation on a specific API endpoint, allowing an unauthenticated, remote attacker to obtain a token with administrator-l...
CVE-2025-20117
CVE-2025-20117 affects Cisco APIC CLI. An authenticated, local attacker can execute arbitrary commands as root on the device OS due to insufficient validation of CLI command arguments; success requires valid administrative credentials. The vulnerability stems from improper input validation when p...
CVE-2025-20118
CVE-2025-20118 affects Cisco APIC (Cisco Application Policy Infrastructure Controller). The vulnerability arises from insufficient masking of sensitive information displayed via system CLI commands, exploitable by an authenticated, local attacker with administrative credentials. Impact is access ...
CVE-2019-1889
Cisco APIC REST API Privilege Escalation (CVE-2019-1889) affects Cisco Application Policy Infrastructure Controller software. The vulnerability arises from incomplete validation and error checking for the file path when specific software is uploaded via the REST API, allowing an authenticated rem...
CVE-2019-1890
CVE-2019-1890 affects Cisco Nexus 9000 Series Fabric Switches in ACI mode. The issue lies in the LLDP setup during infrastructure VLAN formation, where insufficient security requirements allow an unauthenticated, adjacent attacker to bypass validations and connect an unauthorized server to the in...
CVE-2024-20279
Cisco APIC (Application Policy Infrastructure Controller) is affected by an access-control vulnerability in the restricted security domain implementation used for multi-tenancy. An authenticated, remote attacker with a restricted-domain account could read, modify, or delete child policies under defau...
CVE-2019-1586
CVE-2019-1586 affects Cisco Application Policy Infrastructure Controller (APIC) software. The vulnerability arises from insecure removal of cleartext encryption keys stored on local partitions on the device’s hard drive. An unauthenticated, local attacker with physical access could retrieve encry...
CVE-2025-20119
CVE-2025-20119 is a vulnerability in the Cisco APIC component responsible for system file permissions. The root cause is a race condition during system-file operations, which an authenticated, local attacker with valid administrative credentials could exploit to overwrite c...
CVE-2021-1580
Cisco APIC and Cisco Cloud APIC are affected by CVE-2021-1580, a command-injection and file-upload vulnerability in the web UI and API endpoints. The issue stems from insufficient input validation, enabling a remote attacker to execute commands or upload files on the affected system. Exploitation det...
CVE-2021-1393
Cisco Application Services Engine (ASE) is affected by CVE-2021-1393 and CVE-2021-1396 due to insufficient access controls in a Data Network service/API, enabling unauthenticated, remote attackers to gain privileged host-level access, learn device-specific information, create diagnostic files, an...
CVE-2016-6457
CVE-2016-6457 affects Cisco Nexus 9000 Series Platform Leaf Switches (TOR) in ACI Mode and the Cisco APIC. The root cause is improper handling of a type of Layer 2 control plane traffic, allowing an unauthenticated, adjacent attacker to trigger a DoS on the affected device. Affected releases incl...
CVE-2019-1692
CVE-2019-1692 affects Cisco APIC web-based management interfaces. The issue arises from insufficient data protection for components in the ACI, allowing an unauthenticated, remote attacker to observe network traffic and access tracking data/usage statistics. Impact is information disclosure of us...
CVE-2021-1396
CVE-2021-1396 affects Cisco Application Services Engine (ASE) and enables an unauthenticated, remote attacker to access privileged host-level operations via insufficient access controls in an ASE Data Network API. Impact includes learning device-specific information, creating diagnostic files in ...
CVE-2021-1581
Cisco APIC and Cisco Cloud APIC are affected by CVE-2021-1581, a file-upload vulnerability in the web UI and API endpoints that can enable an unauthenticated, remote attacker to upload arbitrary files on the vulnerable system (attack vector: network; integrity and availability impact rated high per ...
CVE-2021-1582
CVE-2021-1582 affects Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud APIC web UI. The root cause is improper input validation in the web UI, allowing an authenticated, remote attacker to supply malicious input that is stored and subsequently executed as script code in t...
CVE-2017-12352
CVE-2017-12352 affects Cisco Application Policy Infrastructure Controller (APIC). Local privilege escalation is possible through improper validation of input to boot-time system script files, allowing an authenticated attacker with valid admin credentials to execute arbitrary commands with root...
CVE-2017-6767
CVE-2017-6767 concerns Cisco Application Policy Infrastructure Controller (APIC). It describes an RBAC-related privilege escalation: after authentication via SSH to the local management interface, the attacker’s privilege level can be modified to match the last user who logged in, enabling elevat...
CVE-2017-6768
CVE-2017-6768 affects Cisco APIC devices where a custom executable system file built to use relative library search paths can be exploited by an authenticated local attacker to escalate to root privileges. The root cause is improper validation of libraries loaded by a binary that relies on relati...
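Relative library search paths of the kind described for CVE-2017-6768 show up as DT_RPATH or DT_RUNPATH entries in a binary's dynamic section, and they matter most for set-uid binaries, where LD_LIBRARY_PATH is ignored by the loader but the embedded search path is still honoured. The script below is an added example, not Cisco's code or tooling: it classifies the search-path elements reported by `readelf -d` and flags relative, empty and `$ORIGIN`-relative entries. The readelf output, the library paths in it and the hypothetical binary they belong to are constructed for illustration.

```python
"""Flag dynamic-linker search-path entries (DT_RPATH / DT_RUNPATH) that a local
user could influence: relative elements, empty elements, and $ORIGIN-relative
elements whose directory might be writable.

Added example: the `readelf -d` output below is constructed for a hypothetical
set-uid helper and is not taken from any Cisco advisory."""
from __future__ import annotations

import os
import re
import stat
from dataclasses import dataclass

# Constructed `readelf -d` output; paths are illustrative only.
SAMPLE_READELF = """\
Dynamic section at offset 0x2dd8 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so.1.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [lib:/opt/example/lib:$ORIGIN/../lib:]
 0x000000000000000c (INIT)               0x1000
"""

# readelf prints "Library rpath: [...]" for DT_RPATH and "Library runpath: [...]" for DT_RUNPATH.
PATH_TAG_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path:\s+\[(.*)\]")


@dataclass(frozen=True)
class Finding:
    tag: str      # RPATH or RUNPATH
    entry: str    # the offending element exactly as written
    reason: str


def search_path_entries(readelf_output: str) -> list[tuple[str, str]]:
    """(tag, element) for every colon-separated element, keeping empty ones."""
    entries: list[tuple[str, str]] = []
    for line in readelf_output.splitlines():
        m = PATH_TAG_RE.search(line)
        if m:
            tag, value = m.groups()
            entries.extend((tag, elem) for elem in value.split(":"))
    return entries


def classify_entry(tag: str, elem: str) -> Finding | None:
    """Return a Finding when `elem` can be steered by an unprivileged local user."""
    if elem == "":
        # glibc resolves an empty element (leading, trailing or "::") as the
        # current working directory, which the invoking user controls.
        return Finding(tag, elem, "empty element resolves to the current working directory")
    if elem.startswith(("$ORIGIN", "${ORIGIN}")):
        return Finding(tag, elem, "resolved relative to the binary's own directory; "
                                  "safe only if that directory is not writable by unprivileged users")
    if not elem.startswith("/"):
        return Finding(tag, elem, "relative path resolved against the current working directory")
    return None


def insecure_search_paths(readelf_output: str) -> list[Finding]:
    """All search-path elements in the dump that a local user could influence."""
    findings: list[Finding] = []
    for tag, elem in search_path_entries(readelf_output):
        f = classify_entry(tag, elem)
        if f is not None:
            findings.append(f)
    return findings


def writable_by_others(path: str) -> bool | None:
    """For an absolute element that exists on this host: can group or others write
    to the directory (so a local user could drop a library into it)? None if absent."""
    try:
        mode = os.stat(path).st_mode
    except (FileNotFoundError, NotADirectoryError):
        return None
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


if __name__ == "__main__":
    for f in insecure_search_paths(SAMPLE_READELF):
        print(f"{f.tag} element {f.entry!r}: {f.reason}")
    for tag, elem in search_path_entries(SAMPLE_READELF):
        if elem.startswith("/"):
            print(f"{tag} element {elem!r}: writable by others = {writable_by_others(elem)}")
```

On the sample above the three flagged elements are `lib`, `$ORIGIN/../lib` and the trailing empty element; `/opt/example/lib` is only checked for directory permissions. To audit a real device, feed the output of `readelf -d <binary>` for each set-uid or root-run executable into `insecure_search_paths` and review anything it returns.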
CVE-2021-1579
CVE-2021-1579 affects Cisco Application Policy Infrastructure Controller (APIC) and Cloud APIC. A vulnerability in an API endpoint enables privilege escalation due to insufficient RBAC: an attacker with Administrator read-only credentials can issue a crafted API request (using an app with admin ...
CVE-2019-1690
CVE-2019-1690 affects Cisco Application Policy Infrastructure Controller (APIC) devices running versions prior to 4.2(0.21c). The issue is due to insufficient access control for IPv6 link-local connectivity on the management interface, enabling an unauthenticated, adjacent attacker on the same ph...
CVE-2021-1578
CVE-2021-1578 affects Cisco APIC and Cloud APIC via an API endpoint where improper policy defaults allow an authenticated, remote attacker with unprivileged MSO credentials to send a specific API request and obtain Administrator credentials on the affected device. Connected sources confirm the ro...
CVE-2015-6424
CVE-2015-6424 affects Cisco APIC release 1.1(0.920a). The boot manager contains an access-control flaw that lets an authenticated local user bypass restrictions and gain single-user-mode root access (Bug CSCuu83985). Affected component: APIC boot process/boot manager; impact: local privi...
CVE-2019-1838
CVE-2019-1838 concerns Cisco APIC’s web-based management interface. The vulnerability is an XSS flaw caused by insufficient validation of user-supplied input, exploitable when an authenticated user is persuaded to click a crafted link. Successful exploitation could execute arbitrary script code i...
CVE-2020-3333
CVE-2020-3333 affects the Cisco Application Services Engine Software API responsible for event policies. The root cause is insufficient authentication of users who modify policies, enabling an unauthenticated, remote attacker to craft HTTP requests to contact an affected device and update even...
CVE-2019-1682
CVE-2019-1682 affects Cisco Application Policy Infrastructure Controller (APIC). The issue is in the FUSE filesystem functionality where insufficient input validation of CLI commands can allow an authenticated, local attacker with write access to a readable folder to alter definitions in an affec...
CVE-2020-3335
CVE-2020-3335 affects Cisco Application Services Engine Software. The issue is in the keystore and stems from insufficient authorization restrictions, allowing an authenticated, local attacker to read other users’ sensitive information on an affected device. Impact is read access to user data wit...
CVE-2015-6333
Cisco APIC (Application Policy Infrastructure Controller) 1.1j contains a local-privilege-escalation vulnerability (CVE-2015-6333) due to improper validation of SSH keys added by local users. Exploitation would require authenticated local access, enabling an attacker to add an SSH key to their ac...
CVE-2016-6413
CVE-2016-6413 affects Cisco Application Policy Infrastructure Controller (APIC) devices, specifically version 1.3(2f). The installation procedure mishandles binary files, allowing an authenticated local attacker to obtain root-level privileges and take full control of the device. Remediation is a...