9 matches found
CVE-2020-3139
Cisco APIC exposes a vulnerability in the OOB management IP tables where a programming logic error in specific IP-table entries causes certain IP ports to be permitted when they should be dropped. An unauthenticated, remote attacker can send traffic to the OOB interface to bypass configured deny ...
CVE-2021-1577
CVE-2021-1577 affects Cisco Application Policy Infrastructure Controller (APIC) and Cloud APIC. The issue is an improper access control in an API endpoint that could let an unauthenticated, remote attacker upload a file to the device, enabling reading or writing of arbitrary files. Severity is re...
CVE-2021-1580
Cisco APIC/Cisco Cloud APIC expose CVE-2021-1580 as a remote command-injection and file-upload vulnerability in the web UI and API endpoints. The issue stems from insufficient input validation, enabling a remote attacker to execute commands or upload files on the affected system. Exploitation det...
CVE-2019-1692
CVE-2019-1692 affects Cisco APIC web-based management interfaces. The issue arises from insufficient data protection for components in the ACI, allowing an unauthenticated, remote attacker to observe network traffic and access tracking data/usage statistics. Impact is information disclosure of us...
CVE-2021-1581
Cisco APIC/Cisco Cloud APIC are affected by CVE-2021-1581, a file-upload vulnerability in the web UI and API endpoints that can enable an unauthenticated remote attacker to upload arbitrary files on the vulnerable system (remote access.Vector: NETWORK; impact: high for integrity/availability per ...
CVE-2021-1582
CVE-2021-1582 affects Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud APIC web UI. The root cause is improper input validation in the web UI, allowing an authenticated, remote attacker to supply malicious input that is stored and subsequently executed as script code in t...
CVE-2021-1579
CVE-2021-1579 affects Cisco Application Policy Infrastructure Controller (APIC) and Cloud APIC. A vulnerability in the API endpoint enables privilege escalation due to insufficient RBAC: an attacker with Administrator read-only credentials can issue a crafted API request (using an app with admin ...
CVE-2019-1682
CVE-2019-1682 affects Cisco Application Policy Infrastructure Controller (APIC). The issue is in the FUSE filesystem functionality where insufficient input validation of CLI commands can allow an authenticated, local attacker with write access to a readable folder to alter definitions in an affec...
CVE-2019-1690
CVE-2019-1690 affects Cisco Application Policy Infrastructure Controller (APIC) devices running versions prior to 4.2(0.21c). The issue is due to insufficient access control for IPv6 link-local connectivity on the management interface, enabling an unauthenticated, adjacent attacker on the same ph...