Lucene search
Cisco Application Policy Infrastructure Controller

34 matches found

added 2023/08/23 6:21 p.m., 2544 views

CVE-2023-20230

CVE-2023-20230 affects Cisco Application Policy Infrastructure Controller (APIC). The issue arises from improper access control in the restricted security domain implementation used to enforce multi-tenancy, allowing an authenticated, remote attacker with a restricted-domain account to read, modi...

CVSS 5.4, AI score 5.5, EPSS 0.00333

added 2023/02/23 12:00 a.m., 173 views

CVE-2023-20011

Cisco reports a CSRF/XSRF vulnerability in the web-based management interfaces of the Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller. The issue stems from insufficient CSRF protections, enabling an unauthenticated, remote attacker to coerce a user to perfor...

CVSS 8.8, AI score 9, EPSS 0.00362

added 2020/01/26 4:30 a.m., 129 views

CVE-2020-3139

Cisco APIC exposes a vulnerability in the OOB management IP tables where a programming logic error in specific IP-table entries causes certain IP ports to be permitted when they should be dropped. An unauthenticated, remote attacker can send traffic to the OOB interface to bypass configured deny ...

CVSS 5.3, AI score 5.3, EPSS 0.01042

added 2024/08/28 4:30 p.m., 109 views

CVE-2024-20478

Cisco APIC and Cisco Cloud Network Controller (formerly Cloud APIC) are affected by a vulnerability in the software upgrade component where insufficient signature validation of upgrade images could allow an authenticated administrator to install a modified image and achieve arbitrary code executi...

CVSS 7.2, AI score 6.9, EPSS 0.0074

added 2025/02/26 4:11 p.m., 108 views

CVE-2025-20116

Cisco APIC’s web UI stores user-supplied input without proper validation, enabling an authenticated, remote attacker with valid admin credentials to perform a stored XSS on affected systems. The impact described includes execution of arbitrary script code in the web UI context and access to brows...

CVSS 4.8, AI score 5.3, EPSS 0.0026

added 2021/08/25 7:10 p.m., 105 views

CVE-2021-1577

CVE-2021-1577 affects Cisco Application Policy Infrastructure Controller (APIC) and Cloud APIC. The issue is an improper access control in an API endpoint that could let an unauthenticated, remote attacker upload a file to the device, enabling reading or writing of arbitrary files. Severity is re...

CVSS 9.1, AI score 9.3, EPSS 0.01303

added 2021/02/24 7:30 p.m., 101 views

CVE-2021-1388

CVE-2021-1388 describes an authentication bypass in Cisco ACI Multi-Site Orchestrator (MSO) when deployed on the Application Services Engine. The root cause is improper token validation on a specific API endpoint, allowing an unauthenticated, remote attacker to obtain a token with administrator-l...

CVSS 10, AI score 9.6, EPSS 0.14359

added 2025/02/26 4:11 p.m., 101 views

CVE-2025-20117

CVE-2025-20117 affects Cisco APIC CLI. An authenticated, local attacker can execute arbitrary commands as root on the device OS due to insufficient validation of CLI command arguments; success requires valid administrative credentials. The vulnerability stems from improper input validation when p...

CVSS 6.7, AI score 5.7, EPSS 0.00172

added 2025/02/26 4:23 p.m., 100 views

CVE-2025-20118

CVE-2025-20118 affects Cisco APIC (Cisco Application Policy Infrastructure Controller). The vulnerability arises from insufficient masking of sensitive information displayed via system CLI commands, exploitable by an authenticated, local attacker with administrative credentials. Impact is access ...

CVSS 4.4, AI score 4.4, EPSS 0.00146

added 2019/07/04 7:55 p.m., 95 views

CVE-2019-1889

Cisco APIC REST API Privilege Escalation (CVE-2019-1889) affects Cisco Application Policy Infrastructure Controller software. The vulnerability arises from incomplete validation and error checking for the file path when specific software is uploaded via the REST API, allowing an authenticated rem...

CVSS 9, AI score 7.2, EPSS 0.02818

added 2019/07/04 8:00 p.m., 91 views

CVE-2019-1890

CVE-2019-1890 affects Cisco Nexus 9000 Series Fabric Switches in ACI mode. The issue lies in the LLDP setup during infrastructure VLAN formation, where insufficient security requirements allow an unauthenticated, adjacent attacker to bypass validations and connect an unauthorized server to the in...

CVSS 7.4, AI score 6.6, EPSS 0.00633

added 2024/08/28 4:19 p.m., 90 views

CVE-2024-20279

Cisco APIC (Application Policy Infrastructure Controller) is affected by an access-control vulnerability in the restricted security domain implementation used for multi-tenancy. An authenticated remote attacker with a restricted-domain user could read, modify, or delete child policies under defau...

CVSS 4.3, AI score 4.7, EPSS 0.00319

added 2019/05/03 2:45 p.m., 85 views

CVE-2019-1586

CVE-2019-1586 affects Cisco Application Policy Infrastructure Controller (APIC) software. The vulnerability arises from insecure removal of cleartext encryption keys stored on local partitions on the device’s hard drive. An unauthenticated, local attacker with physical access could retrieve encry...

CVSS 4.6, AI score 4.4, EPSS 0.00198

added 2021/08/25 7:10 p.m., 85 views

CVE-2021-1580

Cisco APIC/Cisco Cloud APIC expose CVE-2021-1580 as a remote command-injection and file-upload vulnerability in the web UI and API endpoints. The issue stems from insufficient input validation, enabling a remote attacker to execute commands or upload files on the affected system. Exploitation det...

CVSS 9, AI score 7.4, EPSS 0.01779

added 2025/02/26 4:23 p.m., 85 views

CVE-2025-20119

CVE-2025-20119 references describe a vulnerability in the Cisco APIC system responsible for handling system file permissions. The root cause is a race condition during system-file operations, which an authenticated, local attacker with valid administrative credentials could exploit to overwrite c...

CVSS 6, AI score 5.8, EPSS 0.00094

added 2021/02/24 7:31 p.m., 72 views

CVE-2021-1393

Cisco Application Services Engine (ASE) is affected by CVE-2021-1393 and CVE-2021-1396 due to insufficient access controls in a Data Network service/API, enabling unauthenticated, remote attackers to gain privileged host-level access, learn device-specific information, create diagnostic files, an...

CVSS 10, AI score 9.8, EPSS 0.0225

added 2016/11/19 2:45 a.m., 65 views

CVE-2016-6457

CVE-2016-6457 affects Cisco Nexus 9000 Series Platform Leaf Switches (TOR) in ACI Mode and the Cisco APIC. The root cause is improper handling of a type of Layer 2 control plane traffic, allowing an unauthenticated, adjacent attacker to trigger a DoS on the affected device. Affected releases incl...

CVSS 6.5, AI score 6.3, EPSS 0.0072

added 2019/05/03 3:00 p.m., 64 views

CVE-2019-1692

CVE-2019-1692 affects Cisco APIC web-based management interfaces. The issue arises from insufficient data protection for components in the ACI, allowing an unauthenticated, remote attacker to observe network traffic and access tracking data/usage statistics. Impact is information disclosure of us...

CVSS 5.3, AI score 5.2, EPSS 0.01197

added 2021/02/24 7:31 p.m., 64 views

CVE-2021-1396

CVE-2021-1396 affects Cisco Application Services Engine (ASE) and enables an unauthenticated, remote attacker to access privileged host-level operations via insufficient access controls in an ASE Data Network API. Impact includes learning device-specific information, creating diagnostic files in ...

CVSS 9.8, AI score 8.4, EPSS 0.01006

added 2021/08/25 7:10 p.m., 63 views

CVE-2021-1581

Cisco APIC/Cisco Cloud APIC are affected by CVE-2021-1581, a file-upload vulnerability in the web UI and API endpoints that can enable an unauthenticated remote attacker to upload arbitrary files on the vulnerable system (remote access. Vector: NETWORK; impact: high for integrity/availability per ...

CVSS 9.1, AI score 8.4, EPSS 0.01139

added 2021/08/25 7:10 p.m., 63 views

CVE-2021-1582

CVE-2021-1582 affects Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud APIC web UI. The root cause is improper input validation in the web UI, allowing an authenticated, remote attacker to supply malicious input that is stored and subsequently executed as script code in t...

CVSS 5.4, AI score 5.4, EPSS 0.00599

added 2017/11/30 9:00 a.m., 61 views

CVE-2017-12352

CVE-2017-12352 affects Cisco Application Policy Infrastructure Controller (APIC). A local privilege-escalation is possible through improper validation of input to boot-time system script files, allowing an authenticated attacker with valid admin credentials to execute arbitrary commands with root...

CVSS 7.2, AI score 6.9, EPSS 0.00445

added 2017/08/17 8:00 p.m., 61 views

CVE-2017-6767

CVE-2017-6767 concerns Cisco Application Policy Infrastructure Controller (APIC). It describes an RBAC-related privilege-escalation: after authentication via SSH to the local management interface, the attacker’s privilege level can be modified to match the last user who logged in, enabling elevat...

CVSS 7.1, AI score 7.2, EPSS 0.0118

added 2021/08/25 7:10 p.m., 59 views

CVE-2021-1579

CVE-2021-1579 affects Cisco Application Policy Infrastructure Controller (APIC) and Cloud APIC. A vulnerability in the API endpoint enables privilege escalation due to insufficient RBAC: an attacker with Administrator read-only credentials can issue a crafted API request (using an app with admin ...

CVSS 9, AI score 8.3, EPSS 0.02125

added 2017/08/17 8:00 p.m., 58 views

CVE-2017-6768

CVE-2017-6768 affects Cisco APIC devices where a custom executable system file built to use relative library search paths can be exploited by an authenticated local attacker to escalate to root privileges. The root cause is improper validation of libraries loaded by a binary that relies on relati...

CVSS 7.8, AI score 7.9, EPSS 0.00422

added 2015/12/18 11:00 a.m., 56 views

CVE-2015-6424

The CVE-2015-6424 issue affects Cisco APIC (APIC 1.1(0.920a)). The boot manager contains an access-control flaw that lets an authenticated local user bypass restrictions and gain single-user-mode root access (Bug CSCuu83985). Affected component: APIC boot process/boot manager; impact: local privi...

CVSS 7.2, AI score 6.5, EPSS 0.00383

added 2019/03/11 10:00 p.m., 56 views

CVE-2019-1690

CVE-2019-1690 affects Cisco Application Policy Infrastructure Controller (APIC) devices running versions prior to 4.2(0.21c). The issue is due to insufficient access control for IPv6 link-local connectivity on the management interface, enabling an unauthenticated, adjacent attacker on the same ph...

CVSS 6.5, AI score 5.2, EPSS 0.00615

added 2021/08/25 7:10 p.m., 56 views

CVE-2021-1578

CVE-2021-1578 affects Cisco APIC and Cloud APIC via an API endpoint where improper policy defaults allow an authenticated, remote attacker with unprivileged MSO credentials to send a specific API request and obtain Administrator credentials on the affected device. Connected sources confirm the ro...

CVSS 9, AI score 8.6, EPSS 0.01971

added 2019/05/03 2:55 p.m., 55 views

CVE-2019-1682

CVE-2019-1682 affects Cisco Application Policy Infrastructure Controller (APIC). The issue is in the FUSE filesystem functionality where insufficient input validation of CLI commands can allow an authenticated, local attacker with write access to a readable folder to alter definitions in an affec...

CVSS 7.8, AI score 7.8, EPSS 0.00352

added 2019/05/03 4:35 p.m., 55 views

CVE-2019-1838

CVE-2019-1838 concerns Cisco APIC’s web-based management interface. The vulnerability is an XSS flaw caused by insufficient validation of user-supplied input, exploitable when an authenticated user is persuaded to click a crafted link. Successful exploitation could execute arbitrary script code i...

CVSS 5.4, AI score 5.2, EPSS 0.00826

added 2020/06/03 5:56 p.m., 54 views

CVE-2020-3333

CVE-2020-3333 affects Cisco Application Services Engine (APIC) Software API responsible for event policies. The root cause is insufficient authentication of users who modify policies, enabling an unauthenticated, remote attacker to craft HTTP requests to contact an affected device and update even...

CVSS 5.3, AI score 5.4, EPSS 0.0104

added 2020/06/03 5:56 p.m., 52 views

CVE-2020-3335

CVE-2020-3335 affects Cisco Application Services Engine Software. The issue is in the keystore and stems from insufficient authorization restrictions, allowing an authenticated, local attacker to read other users’ sensitive information on an affected device. Impact is read access to user data wit...

CVSS 5.5, AI score 5.1, EPSS 0.00279

added 2015/10/16 1:00 a.m., 51 views

CVE-2015-6333

Cisco APIC (Application Policy Infrastructure Controller) 1.1j contains a local-privilege-escalation vulnerability (CVE-2015-6333) due to improper validation of SSH keys added by local users. Exploitation would require authenticated local access, enabling an attacker to add an SSH key to their ac...

CVSS 4.6, AI score 6.7, EPSS 0.00364

added 2016/09/24 1:00 a.m., 46 views

CVE-2016-6413

CVE-2016-6413 affects Cisco Application Policy Infrastructure Controller (APIC) devices, specifically version 1.3(2f). The installation procedure mishandles binary files, allowing an authenticated local attacker to obtain root-level privileges and take full control of the device. Remediation is a...

CVSS 7.8, AI score 7.4, EPSS 0.00327