6 matches found
CVE-2021-1577
CVE-2021-1577 affects Cisco Application Policy Infrastructure Controller (APIC) and Cloud APIC. The issue is an improper access control in an API endpoint that could let an unauthenticated, remote attacker upload a file to the device, enabling reading or writing of arbitrary files. Severity is re...
CVE-2021-1580
Cisco APIC/Cisco Cloud APIC expose CVE-2021-1580 as a remote command-injection and file-upload vulnerability in the web UI and API endpoints. The issue stems from insufficient input validation, enabling a remote attacker to execute commands or upload files on the affected system. Exploitation det...
CVE-2021-1581
Cisco APIC/Cisco Cloud APIC are affected by CVE-2021-1581, a file-upload vulnerability in the web UI and API endpoints that can enable an unauthenticated remote attacker to upload arbitrary files on the vulnerable system (remote access.Vector: NETWORK; impact: high for integrity/availability per ...
CVE-2021-1582
CVE-2021-1582 affects Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud APIC web UI. The root cause is improper input validation in the web UI, allowing an authenticated, remote attacker to supply malicious input that is stored and subsequently executed as script code in t...
CVE-2021-1579
CVE-2021-1579 affects Cisco Application Policy Infrastructure Controller (APIC) and Cloud APIC. A vulnerability in the API endpoint enables privilege escalation due to insufficient RBAC: an attacker with Administrator read-only credentials can issue a crafted API request (using an app with admin ...
CVE-2021-1578
CVE-2021-1578 affects Cisco APIC and Cloud APIC via an API endpoint where improper policy defaults allow an authenticated, remote attacker with unprivileged MSO credentials to send a specific API request and obtain Administrator credentials on the affected device. Connected sources confirm the ro...