Search criteria
102 vulnerabilities found for application_policy_infrastructure_controller by cisco
FKIE_CVE-2025-20118
Vulnerability from fkie_nvd - Published: 2025-02-26 17:15 - Updated: 2025-07-31 17:38
Severity ?
Summary
A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B98F6DE0-E0BB-4964-8A05-C65F5165621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D70E3895-DCB3-4172-B98C-6E40F0A4F418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6CAD7459-DE32-4CCD-8FD9-E51E78F5E6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AB7047CE-3246-4148-A976-816F52955EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "195681EC-2C51-4E03-9D6B-98775F91CCDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2159857F-B8BA-4C08-B3B0-F94D391A6396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3110702B-17B0-4CC0-ACF1-373E46B434B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B4DC07AC-B0E9-4963-843E-FFA9461FFBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "99D0E93D-8D70-4232-85B5-916DF9094FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "43499579-9B0B-439E-8E75-18E7B42799FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D7F5A4B6-B2E7-419F-A051-CBA3EC4A36C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "41FEF58C-6E55-4B50-A26A-0D6CC162572B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AFD7A2FE-4858-4929-98CF-D830D5ADC570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF6ABA87-08F5-4C89-B0A2-D209B6305E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "01076AAB-79F9-40B8-BE1F-411EED87867A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(6i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76E4E4F2-9567-471E-AC73-5CD6AD338C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEAD3085-3271-4E28-9E55-2ED813D796F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "80ADB11A-4D8C-4C2D-A483-E5BCD0B52B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF518C44-E1F8-4443-9D73-D620158E7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "569D4548-EE9D-4F33-A6EE-21A7ADF2514E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46F2A714-DA33-449E-9C99-C8D8C15647D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A36D5184-55D1-4CBA-91BC-5E077FB07E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D155016D-6988-4489-A4A1-BFDFB8F702A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C036D5F-67EE-45CE-8D47-2BF483A14922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B468C9AE-396E-445B-AC5D-EAB1BB8EDFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(41d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3686F336-5D02-4984-B465-762EA7AB747D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DA2A1A67-093B-4B8D-92EC-74BBDEDC91AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(2c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E6D53DB7-C376-481B-9FF5-745290EE2F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A59205CF-AB56-4902-BE58-2823B432A32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF203A26-8EE3-4570-89EB-2C06F228222D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0530224D-F85F-41CD-ADF9-29DF060C3BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "807B4B19-7346-4F9A-AC07-ACC9F1AE145E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5775342D-C7A7-454E-BE3C-D0BF0C045C20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9496DBE9-0688-49F4-9A13-6AB427BB3663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2DFEF7C4-26F5-4F58-9063-811247E40EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9863BBC-56C8-44FC-B30A-5D12C74B3779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4E54667F-863C-4FC7-8DF2-5515D6766B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "93D1B627-4C61-4A86-8C39-D5C1152F0EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "632F2791-A9E9-4902-9F5F-51F5D8A025AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "511B92C9-9E6D-4919-9CF3-BCAE7802B5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "69D2E5F9-6A86-4F9A-9E71-BA682301D1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2x\\):*:*:*:*:*:*:*",
"matchCriteriaId": "706A76CD-F18D-4B95-B996-B0160A91CD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46CDDD7F-018A-4AD7-BBE2-F8602F2BA931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C47A6A0E-84B9-4DE4-98EB-1065E18C2D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AA157F60-606D-4A5C-8437-D7970C7FA8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "87ED09DD-8305-4CF9-B174-644AC585C92B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF98D3C8-A0C6-46EA-9B62-3850868B36A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9BD24A82-0BF7-4B90-BA36-BD6AB204304B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0EA99D3C-21C0-4432-AE97-8F750C8D4D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "095A0E88-E216-4070-A458-8ED6041469B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9E0FDA1-5C75-4683-B24C-4486EC7E3E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CCD0F519-2B3B-4AF1-BC30-12B8F5F0F54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8376ED28-4A53-4E54-94C2-B1C2A744729B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "961D987E-71F7-4CF4-BDAA-0B6ABDEF05D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A584271A-0F2B-4B55-A14B-FA55BC8BD981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9D87AD83-B69E-4C79-9362-984FBD4096B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3930A258-9C03-49E0-B935-136847EF05E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7821B4A2-FFF5-4E2E-B360-9000DD0A1980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08254391-0BEC-4110-8AAF-44B66E76569B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6A8CCC02-5269-47CA-9DEE-FB9DF0AEAC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0BB6B9B5-9B85-49FC-83F6-3CD2C3B92D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A5627AF1-FB65-44F1-A7E2-98D6B2767887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AF23AD6E-B875-4895-BC82-EA6305927487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B8418157-E12F-4F97-9FAE-601C9BE25D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "270B4C0E-796A-43B3-B3BE-D8C0DF0C0F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E9FDB03C-8B6F-46B2-930A-BD105E41D2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9FA2AA37-6DA9-43D8-9D21-E1ECED85A509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5088B144-3349-4E6F-8978-B96FA7AC420F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08791B2A-6B2F-4BAE-9E9B-0B2E5F8B610D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A3067079-4CE4-4F29-BFDB-2CDACD003BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4CC183AB-16F7-4C43-8F2F-F7508005A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FB58D50B-68C3-40A3-8E0C-151511E22978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7v\\):*:*:*:*:*:*:*",
"matchCriteriaId": "693E0E3A-0AA3-4556-930F-79A13A4506ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0875EE60-A0CE-44C2-AE3A-42BF383BA710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8B412D14-9F6F-4608-8CF8-3AE74A694BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BB19FC9F-C52E-48B5-B6F5-5B39F016DC18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "091E80DF-2FCF-466D-8D41-A6F5513C0180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F1BBC0EE-5C05-4E88-95CC-2FEB7ABE95C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7587DDE3-79E4-4A7A-B02D-D407B99B6CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C4E68E4-7893-4DC3-9464-03689AEBB2BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3DE195AC-67AA-45CD-8F81-96B5B4859869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(4c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "35BFCBA5-DDA2-4DC6-BD12-CF1D58CB73F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "92295C80-3DEB-47C8-A26F-CFA156C88B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CD9A687B-642A-4646-A85C-8F5C41B8CD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "697D5222-9FDC-430A-B4AD-18C43606B59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4ABB3875-2D9B-4EF5-9DF5-0E7C2E180167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4D660DE6-B3F1-498D-9F0C-919D4FD81913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8BEE0A24-B301-4693-965B-9EDF4FB3E652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "832E8780-1C4F-42EE-B3DB-C36D5C39330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BA0E35AD-664F-4A1B-A651-9A6D6699133E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B487C5E8-FCDB-4EDC-85A0-69B9143B8C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1DA2E2F-D519-46E1-AF0F-1B068EE8CF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "19E2370A-EDBD-4F39-9AA2-BB1B48DBC6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B13102E2-A4B5-4E8E-AFBF-7D2824DF07D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1E304F25-6F50-4C86-B488-F3CB80601FC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A56BE783-4995-4EE9-90C8-6BAE73588A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EE12D57D-B08E-46DE-9048-F608B1D0432A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "36DD76D9-2703-40AF-B154-9F3A268473D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2AFA2721-32D2-4877-BCAB-8E965AAB0B28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CC4FB4EB-87BE-4A1B-AB68-9B12F2372090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8638CF95-3422-4F8D-AE5D-FF7F76BFC456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "857F16AE-D927-44E8-B268-F7A2FC4503B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B178BD85-E906-4D5E-9710-22C394038EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FC7D76A6-9CEF-4E74-A991-37725A46A045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "224C813A-61E2-4FE7-A012-8C50D90CB633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7D57E315-9795-4AB2-A36D-1979AA3B65E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "010B771A-30B2-4892-B028-08C9AEC170BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "94AEA808-C9C3-4C54-A717-6FB3BC4A32EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(1d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CA3ED35C-255F-43D3-A9A9-81AAEA1F3AFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B1284FC-805B-4C57-931A-BA422A648777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4BD6BCF2-81B0-4118-9C34-55AEFFAB62BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7CCD0606-F883-469B-BA82-B372B2F33D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8F69DA2D-379F-437A-9284-B5C98BC9F94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8D1FF93B-35F0-4CA9-8A7F-4B4B732A81D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F7699F8E-2A17-421E-8078-7EBECE7C2768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C01F1006-7409-459F-A947-7D68D483CCC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7839A222-2CC0-495D-97E6-2421BFB0B948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "11F64391-5096-478C-A955-169F4AEBDC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF29E5EB-2497-4136-9BC7-7E75A6180245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1B7CC4CE-1FF6-45BB-AAC7-367593586AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "64CFF745-E48F-44B9-8C22-12644F0FF06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(4c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "97954FE9-2CBF-4016-8FDD-CE7423A65BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F6714932-BC33-41D0-8032-7ED387C6F80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "23C425D3-CF4A-4D2D-9FD6-E7B9A9927ED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(6c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C91678F6-6BF7-4158-9FBD-6C439BE54D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(7e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "291A6AB2-121A-49AE-94E0-C9A76A87D48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7C4E7075-9EFE-4573-A5E5-F15E622A16A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.1\\(1f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0B3DA1C0-01DB-4773-81EC-A8574030FC59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n de los procesos internos del sistema de Cisco APIC podr\u00eda permitir que un atacante local autenticado acceda a informaci\u00f3n confidencial en un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante debe tener credenciales administrativas v\u00e1lidas. Esta vulnerabilidad se debe a un enmascaramiento insuficiente de la informaci\u00f3n confidencial que se muestra a trav\u00e9s de los comandos de la interfaz de l\u00ednea de comandos del sistema. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el uso de t\u00e9cnicas de reconocimiento en la interfaz de l\u00ednea de comandos del dispositivo. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder a informaci\u00f3n confidencial en un dispositivo afectado que podr\u00eda usarse para ataques adicionales."
}
],
"id": "CVE-2025-20118",
"lastModified": "2025-07-31T17:38:18.293",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2025-02-26T17:15:22.723",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-20116
Vulnerability from fkie_nvd - Published: 2025-02-26 17:15 - Updated: 2025-07-31 17:34
Severity ?
Summary
A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B98F6DE0-E0BB-4964-8A05-C65F5165621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D70E3895-DCB3-4172-B98C-6E40F0A4F418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6CAD7459-DE32-4CCD-8FD9-E51E78F5E6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AB7047CE-3246-4148-A976-816F52955EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "195681EC-2C51-4E03-9D6B-98775F91CCDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2159857F-B8BA-4C08-B3B0-F94D391A6396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3110702B-17B0-4CC0-ACF1-373E46B434B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B4DC07AC-B0E9-4963-843E-FFA9461FFBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "99D0E93D-8D70-4232-85B5-916DF9094FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "43499579-9B0B-439E-8E75-18E7B42799FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D7F5A4B6-B2E7-419F-A051-CBA3EC4A36C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "41FEF58C-6E55-4B50-A26A-0D6CC162572B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AFD7A2FE-4858-4929-98CF-D830D5ADC570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF6ABA87-08F5-4C89-B0A2-D209B6305E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "01076AAB-79F9-40B8-BE1F-411EED87867A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(6i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76E4E4F2-9567-471E-AC73-5CD6AD338C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEAD3085-3271-4E28-9E55-2ED813D796F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "80ADB11A-4D8C-4C2D-A483-E5BCD0B52B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF518C44-E1F8-4443-9D73-D620158E7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "569D4548-EE9D-4F33-A6EE-21A7ADF2514E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46F2A714-DA33-449E-9C99-C8D8C15647D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A36D5184-55D1-4CBA-91BC-5E077FB07E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D155016D-6988-4489-A4A1-BFDFB8F702A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C036D5F-67EE-45CE-8D47-2BF483A14922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B468C9AE-396E-445B-AC5D-EAB1BB8EDFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(41d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3686F336-5D02-4984-B465-762EA7AB747D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DA2A1A67-093B-4B8D-92EC-74BBDEDC91AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(2c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E6D53DB7-C376-481B-9FF5-745290EE2F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A59205CF-AB56-4902-BE58-2823B432A32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF203A26-8EE3-4570-89EB-2C06F228222D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0530224D-F85F-41CD-ADF9-29DF060C3BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "807B4B19-7346-4F9A-AC07-ACC9F1AE145E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5775342D-C7A7-454E-BE3C-D0BF0C045C20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9496DBE9-0688-49F4-9A13-6AB427BB3663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2DFEF7C4-26F5-4F58-9063-811247E40EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9863BBC-56C8-44FC-B30A-5D12C74B3779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4E54667F-863C-4FC7-8DF2-5515D6766B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "93D1B627-4C61-4A86-8C39-D5C1152F0EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "632F2791-A9E9-4902-9F5F-51F5D8A025AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "511B92C9-9E6D-4919-9CF3-BCAE7802B5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "69D2E5F9-6A86-4F9A-9E71-BA682301D1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2x\\):*:*:*:*:*:*:*",
"matchCriteriaId": "706A76CD-F18D-4B95-B996-B0160A91CD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46CDDD7F-018A-4AD7-BBE2-F8602F2BA931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C47A6A0E-84B9-4DE4-98EB-1065E18C2D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AA157F60-606D-4A5C-8437-D7970C7FA8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "87ED09DD-8305-4CF9-B174-644AC585C92B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF98D3C8-A0C6-46EA-9B62-3850868B36A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9BD24A82-0BF7-4B90-BA36-BD6AB204304B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0EA99D3C-21C0-4432-AE97-8F750C8D4D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "095A0E88-E216-4070-A458-8ED6041469B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9E0FDA1-5C75-4683-B24C-4486EC7E3E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CCD0F519-2B3B-4AF1-BC30-12B8F5F0F54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8376ED28-4A53-4E54-94C2-B1C2A744729B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "961D987E-71F7-4CF4-BDAA-0B6ABDEF05D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A584271A-0F2B-4B55-A14B-FA55BC8BD981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9D87AD83-B69E-4C79-9362-984FBD4096B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3930A258-9C03-49E0-B935-136847EF05E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7821B4A2-FFF5-4E2E-B360-9000DD0A1980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08254391-0BEC-4110-8AAF-44B66E76569B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6A8CCC02-5269-47CA-9DEE-FB9DF0AEAC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0BB6B9B5-9B85-49FC-83F6-3CD2C3B92D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A5627AF1-FB65-44F1-A7E2-98D6B2767887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AF23AD6E-B875-4895-BC82-EA6305927487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B8418157-E12F-4F97-9FAE-601C9BE25D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "270B4C0E-796A-43B3-B3BE-D8C0DF0C0F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E9FDB03C-8B6F-46B2-930A-BD105E41D2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9FA2AA37-6DA9-43D8-9D21-E1ECED85A509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5088B144-3349-4E6F-8978-B96FA7AC420F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08791B2A-6B2F-4BAE-9E9B-0B2E5F8B610D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A3067079-4CE4-4F29-BFDB-2CDACD003BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4CC183AB-16F7-4C43-8F2F-F7508005A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FB58D50B-68C3-40A3-8E0C-151511E22978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7v\\):*:*:*:*:*:*:*",
"matchCriteriaId": "693E0E3A-0AA3-4556-930F-79A13A4506ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0875EE60-A0CE-44C2-AE3A-42BF383BA710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8B412D14-9F6F-4608-8CF8-3AE74A694BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BB19FC9F-C52E-48B5-B6F5-5B39F016DC18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "091E80DF-2FCF-466D-8D41-A6F5513C0180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F1BBC0EE-5C05-4E88-95CC-2FEB7ABE95C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7587DDE3-79E4-4A7A-B02D-D407B99B6CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C4E68E4-7893-4DC3-9464-03689AEBB2BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3DE195AC-67AA-45CD-8F81-96B5B4859869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(4c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "35BFCBA5-DDA2-4DC6-BD12-CF1D58CB73F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "92295C80-3DEB-47C8-A26F-CFA156C88B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CD9A687B-642A-4646-A85C-8F5C41B8CD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "697D5222-9FDC-430A-B4AD-18C43606B59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4ABB3875-2D9B-4EF5-9DF5-0E7C2E180167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4D660DE6-B3F1-498D-9F0C-919D4FD81913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8BEE0A24-B301-4693-965B-9EDF4FB3E652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "832E8780-1C4F-42EE-B3DB-C36D5C39330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BA0E35AD-664F-4A1B-A651-9A6D6699133E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B487C5E8-FCDB-4EDC-85A0-69B9143B8C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1DA2E2F-D519-46E1-AF0F-1B068EE8CF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "19E2370A-EDBD-4F39-9AA2-BB1B48DBC6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B13102E2-A4B5-4E8E-AFBF-7D2824DF07D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1E304F25-6F50-4C86-B488-F3CB80601FC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A56BE783-4995-4EE9-90C8-6BAE73588A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EE12D57D-B08E-46DE-9048-F608B1D0432A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "36DD76D9-2703-40AF-B154-9F3A268473D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2AFA2721-32D2-4877-BCAB-8E965AAB0B28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CC4FB4EB-87BE-4A1B-AB68-9B12F2372090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8638CF95-3422-4F8D-AE5D-FF7F76BFC456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "857F16AE-D927-44E8-B268-F7A2FC4503B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B178BD85-E906-4D5E-9710-22C394038EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FC7D76A6-9CEF-4E74-A991-37725A46A045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "224C813A-61E2-4FE7-A012-8C50D90CB633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7D57E315-9795-4AB2-A36D-1979AA3B65E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "010B771A-30B2-4892-B028-08C9AEC170BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "94AEA808-C9C3-4C54-A717-6FB3BC4A32EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(1d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CA3ED35C-255F-43D3-A9A9-81AAEA1F3AFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B1284FC-805B-4C57-931A-BA422A648777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4BD6BCF2-81B0-4118-9C34-55AEFFAB62BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7CCD0606-F883-469B-BA82-B372B2F33D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8F69DA2D-379F-437A-9284-B5C98BC9F94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8D1FF93B-35F0-4CA9-8A7F-4B4B732A81D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F7699F8E-2A17-421E-8078-7EBECE7C2768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C01F1006-7409-459F-A947-7D68D483CCC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7839A222-2CC0-495D-97E6-2421BFB0B948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "11F64391-5096-478C-A955-169F4AEBDC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF29E5EB-2497-4136-9BC7-7E75A6180245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1B7CC4CE-1FF6-45BB-AAC7-367593586AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "64CFF745-E48F-44B9-8C22-12644F0FF06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(4c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "97954FE9-2CBF-4016-8FDD-CE7423A65BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F6714932-BC33-41D0-8032-7ED387C6F80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "23C425D3-CF4A-4D2D-9FD6-E7B9A9927ED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(6c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C91678F6-6BF7-4158-9FBD-6C439BE54D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(7e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "291A6AB2-121A-49AE-94E0-C9A76A87D48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7C4E7075-9EFE-4573-A5E5-F15E622A16A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.1\\(1f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0B3DA1C0-01DB-4773-81EC-A8574030FC59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz web de Cisco APIC podr\u00eda permitir que un atacante remoto autenticado realice un ataque XSS almacenado en un sistema afectado. Para aprovechar esta vulnerabilidad, el atacante debe tener credenciales administrativas v\u00e1lidas. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada incorrecta en la interfaz web. Un atacante autenticado podr\u00eda aprovechar esta vulnerabilidad inyectando c\u00f3digo malicioso en p\u00e1ginas espec\u00edficas de la interfaz web. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz web o acceder a informaci\u00f3n confidencial basada en el navegador."
}
],
"id": "CVE-2025-20116",
"lastModified": "2025-07-31T17:34:17.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "psirt@cisco.com",
"type": "Primary"
}
]
},
"published": "2025-02-26T17:15:22.403",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-20119
Vulnerability from fkie_nvd - Published: 2025-02-26 17:15 - Updated: 2025-07-31 17:40
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
5.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
5.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to a race condition with handling system files. An attacker could exploit this vulnerability by doing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could lead to the device being in an inconsistent state and cause a DoS condition.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B98F6DE0-E0BB-4964-8A05-C65F5165621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D70E3895-DCB3-4172-B98C-6E40F0A4F418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6CAD7459-DE32-4CCD-8FD9-E51E78F5E6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AB7047CE-3246-4148-A976-816F52955EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "195681EC-2C51-4E03-9D6B-98775F91CCDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2159857F-B8BA-4C08-B3B0-F94D391A6396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3110702B-17B0-4CC0-ACF1-373E46B434B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B4DC07AC-B0E9-4963-843E-FFA9461FFBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "99D0E93D-8D70-4232-85B5-916DF9094FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "43499579-9B0B-439E-8E75-18E7B42799FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D7F5A4B6-B2E7-419F-A051-CBA3EC4A36C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "41FEF58C-6E55-4B50-A26A-0D6CC162572B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AFD7A2FE-4858-4929-98CF-D830D5ADC570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF6ABA87-08F5-4C89-B0A2-D209B6305E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "01076AAB-79F9-40B8-BE1F-411EED87867A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(6i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76E4E4F2-9567-471E-AC73-5CD6AD338C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEAD3085-3271-4E28-9E55-2ED813D796F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "80ADB11A-4D8C-4C2D-A483-E5BCD0B52B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF518C44-E1F8-4443-9D73-D620158E7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "569D4548-EE9D-4F33-A6EE-21A7ADF2514E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46F2A714-DA33-449E-9C99-C8D8C15647D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A36D5184-55D1-4CBA-91BC-5E077FB07E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D155016D-6988-4489-A4A1-BFDFB8F702A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C036D5F-67EE-45CE-8D47-2BF483A14922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B468C9AE-396E-445B-AC5D-EAB1BB8EDFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(41d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3686F336-5D02-4984-B465-762EA7AB747D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DA2A1A67-093B-4B8D-92EC-74BBDEDC91AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(2c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E6D53DB7-C376-481B-9FF5-745290EE2F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A59205CF-AB56-4902-BE58-2823B432A32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF203A26-8EE3-4570-89EB-2C06F228222D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0530224D-F85F-41CD-ADF9-29DF060C3BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "807B4B19-7346-4F9A-AC07-ACC9F1AE145E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5775342D-C7A7-454E-BE3C-D0BF0C045C20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9496DBE9-0688-49F4-9A13-6AB427BB3663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2DFEF7C4-26F5-4F58-9063-811247E40EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9863BBC-56C8-44FC-B30A-5D12C74B3779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4E54667F-863C-4FC7-8DF2-5515D6766B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "93D1B627-4C61-4A86-8C39-D5C1152F0EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "632F2791-A9E9-4902-9F5F-51F5D8A025AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "511B92C9-9E6D-4919-9CF3-BCAE7802B5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "69D2E5F9-6A86-4F9A-9E71-BA682301D1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2x\\):*:*:*:*:*:*:*",
"matchCriteriaId": "706A76CD-F18D-4B95-B996-B0160A91CD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46CDDD7F-018A-4AD7-BBE2-F8602F2BA931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C47A6A0E-84B9-4DE4-98EB-1065E18C2D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AA157F60-606D-4A5C-8437-D7970C7FA8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "87ED09DD-8305-4CF9-B174-644AC585C92B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF98D3C8-A0C6-46EA-9B62-3850868B36A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9BD24A82-0BF7-4B90-BA36-BD6AB204304B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0EA99D3C-21C0-4432-AE97-8F750C8D4D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "095A0E88-E216-4070-A458-8ED6041469B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9E0FDA1-5C75-4683-B24C-4486EC7E3E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CCD0F519-2B3B-4AF1-BC30-12B8F5F0F54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8376ED28-4A53-4E54-94C2-B1C2A744729B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "961D987E-71F7-4CF4-BDAA-0B6ABDEF05D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A584271A-0F2B-4B55-A14B-FA55BC8BD981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9D87AD83-B69E-4C79-9362-984FBD4096B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3930A258-9C03-49E0-B935-136847EF05E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7821B4A2-FFF5-4E2E-B360-9000DD0A1980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08254391-0BEC-4110-8AAF-44B66E76569B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6A8CCC02-5269-47CA-9DEE-FB9DF0AEAC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0BB6B9B5-9B85-49FC-83F6-3CD2C3B92D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A5627AF1-FB65-44F1-A7E2-98D6B2767887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AF23AD6E-B875-4895-BC82-EA6305927487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B8418157-E12F-4F97-9FAE-601C9BE25D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "270B4C0E-796A-43B3-B3BE-D8C0DF0C0F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E9FDB03C-8B6F-46B2-930A-BD105E41D2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9FA2AA37-6DA9-43D8-9D21-E1ECED85A509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5088B144-3349-4E6F-8978-B96FA7AC420F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08791B2A-6B2F-4BAE-9E9B-0B2E5F8B610D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A3067079-4CE4-4F29-BFDB-2CDACD003BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4CC183AB-16F7-4C43-8F2F-F7508005A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FB58D50B-68C3-40A3-8E0C-151511E22978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7v\\):*:*:*:*:*:*:*",
"matchCriteriaId": "693E0E3A-0AA3-4556-930F-79A13A4506ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0875EE60-A0CE-44C2-AE3A-42BF383BA710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8B412D14-9F6F-4608-8CF8-3AE74A694BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BB19FC9F-C52E-48B5-B6F5-5B39F016DC18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "091E80DF-2FCF-466D-8D41-A6F5513C0180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F1BBC0EE-5C05-4E88-95CC-2FEB7ABE95C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7587DDE3-79E4-4A7A-B02D-D407B99B6CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C4E68E4-7893-4DC3-9464-03689AEBB2BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3DE195AC-67AA-45CD-8F81-96B5B4859869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(4c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "35BFCBA5-DDA2-4DC6-BD12-CF1D58CB73F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "92295C80-3DEB-47C8-A26F-CFA156C88B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CD9A687B-642A-4646-A85C-8F5C41B8CD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "697D5222-9FDC-430A-B4AD-18C43606B59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4ABB3875-2D9B-4EF5-9DF5-0E7C2E180167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4D660DE6-B3F1-498D-9F0C-919D4FD81913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8BEE0A24-B301-4693-965B-9EDF4FB3E652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "832E8780-1C4F-42EE-B3DB-C36D5C39330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BA0E35AD-664F-4A1B-A651-9A6D6699133E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B487C5E8-FCDB-4EDC-85A0-69B9143B8C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1DA2E2F-D519-46E1-AF0F-1B068EE8CF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "19E2370A-EDBD-4F39-9AA2-BB1B48DBC6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B13102E2-A4B5-4E8E-AFBF-7D2824DF07D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1E304F25-6F50-4C86-B488-F3CB80601FC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A56BE783-4995-4EE9-90C8-6BAE73588A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EE12D57D-B08E-46DE-9048-F608B1D0432A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "36DD76D9-2703-40AF-B154-9F3A268473D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2AFA2721-32D2-4877-BCAB-8E965AAB0B28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CC4FB4EB-87BE-4A1B-AB68-9B12F2372090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8638CF95-3422-4F8D-AE5D-FF7F76BFC456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "857F16AE-D927-44E8-B268-F7A2FC4503B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B178BD85-E906-4D5E-9710-22C394038EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FC7D76A6-9CEF-4E74-A991-37725A46A045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "224C813A-61E2-4FE7-A012-8C50D90CB633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7D57E315-9795-4AB2-A36D-1979AA3B65E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "010B771A-30B2-4892-B028-08C9AEC170BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "94AEA808-C9C3-4C54-A717-6FB3BC4A32EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(1d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CA3ED35C-255F-43D3-A9A9-81AAEA1F3AFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B1284FC-805B-4C57-931A-BA422A648777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4BD6BCF2-81B0-4118-9C34-55AEFFAB62BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7CCD0606-F883-469B-BA82-B372B2F33D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8F69DA2D-379F-437A-9284-B5C98BC9F94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8D1FF93B-35F0-4CA9-8A7F-4B4B732A81D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F7699F8E-2A17-421E-8078-7EBECE7C2768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C01F1006-7409-459F-A947-7D68D483CCC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7839A222-2CC0-495D-97E6-2421BFB0B948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "11F64391-5096-478C-A955-169F4AEBDC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF29E5EB-2497-4136-9BC7-7E75A6180245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1B7CC4CE-1FF6-45BB-AAC7-367593586AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "64CFF745-E48F-44B9-8C22-12644F0FF06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(4c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "97954FE9-2CBF-4016-8FDD-CE7423A65BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F6714932-BC33-41D0-8032-7ED387C6F80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "23C425D3-CF4A-4D2D-9FD6-E7B9A9927ED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(6c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C91678F6-6BF7-4158-9FBD-6C439BE54D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(7e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "291A6AB2-121A-49AE-94E0-C9A76A87D48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7C4E7075-9EFE-4573-A5E5-F15E622A16A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.1\\(1f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0B3DA1C0-01DB-4773-81EC-A8574030FC59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to a race condition with handling system files. An attacker could exploit this vulnerability by doing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could lead to the device being in an inconsistent state and cause a DoS condition."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la gesti\u00f3n de permisos de archivos del sistema de Cisco APIC podr\u00eda permitir que un atacante local autenticado sobrescribiera archivos cr\u00edticos del sistema, lo que podr\u00eda causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Para explotar esta vulnerabilidad, el atacante debe tener credenciales administrativas v\u00e1lidas. Esta vulnerabilidad se debe a una condici\u00f3n de ejecuci\u00f3n con la gesti\u00f3n de archivos del sistema. Un atacante podr\u00eda explotar esta vulnerabilidad al realizar operaciones espec\u00edficas en el sistema de archivos. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante sobrescribir archivos del sistema, lo que podr\u00eda hacer que el dispositivo est\u00e9 en un estado inconsistente y causar una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"id": "CVE-2025-20119",
"lastModified": "2025-07-31T17:40:38.413",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-26T17:15:22.883",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-20117
Vulnerability from fkie_nvd - Published: 2025-02-26 17:15 - Updated: 2025-07-31 17:37
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B98F6DE0-E0BB-4964-8A05-C65F5165621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D70E3895-DCB3-4172-B98C-6E40F0A4F418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6CAD7459-DE32-4CCD-8FD9-E51E78F5E6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AB7047CE-3246-4148-A976-816F52955EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "195681EC-2C51-4E03-9D6B-98775F91CCDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2159857F-B8BA-4C08-B3B0-F94D391A6396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3110702B-17B0-4CC0-ACF1-373E46B434B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B4DC07AC-B0E9-4963-843E-FFA9461FFBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "99D0E93D-8D70-4232-85B5-916DF9094FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "43499579-9B0B-439E-8E75-18E7B42799FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D7F5A4B6-B2E7-419F-A051-CBA3EC4A36C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "41FEF58C-6E55-4B50-A26A-0D6CC162572B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AFD7A2FE-4858-4929-98CF-D830D5ADC570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF6ABA87-08F5-4C89-B0A2-D209B6305E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "01076AAB-79F9-40B8-BE1F-411EED87867A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(6i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76E4E4F2-9567-471E-AC73-5CD6AD338C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEAD3085-3271-4E28-9E55-2ED813D796F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "80ADB11A-4D8C-4C2D-A483-E5BCD0B52B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF518C44-E1F8-4443-9D73-D620158E7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "569D4548-EE9D-4F33-A6EE-21A7ADF2514E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46F2A714-DA33-449E-9C99-C8D8C15647D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A36D5184-55D1-4CBA-91BC-5E077FB07E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D155016D-6988-4489-A4A1-BFDFB8F702A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C036D5F-67EE-45CE-8D47-2BF483A14922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B468C9AE-396E-445B-AC5D-EAB1BB8EDFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(41d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3686F336-5D02-4984-B465-762EA7AB747D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DA2A1A67-093B-4B8D-92EC-74BBDEDC91AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(2c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E6D53DB7-C376-481B-9FF5-745290EE2F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A59205CF-AB56-4902-BE58-2823B432A32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF203A26-8EE3-4570-89EB-2C06F228222D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0530224D-F85F-41CD-ADF9-29DF060C3BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "807B4B19-7346-4F9A-AC07-ACC9F1AE145E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5775342D-C7A7-454E-BE3C-D0BF0C045C20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9496DBE9-0688-49F4-9A13-6AB427BB3663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2DFEF7C4-26F5-4F58-9063-811247E40EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9863BBC-56C8-44FC-B30A-5D12C74B3779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4E54667F-863C-4FC7-8DF2-5515D6766B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "93D1B627-4C61-4A86-8C39-D5C1152F0EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "632F2791-A9E9-4902-9F5F-51F5D8A025AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "511B92C9-9E6D-4919-9CF3-BCAE7802B5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "69D2E5F9-6A86-4F9A-9E71-BA682301D1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2x\\):*:*:*:*:*:*:*",
"matchCriteriaId": "706A76CD-F18D-4B95-B996-B0160A91CD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46CDDD7F-018A-4AD7-BBE2-F8602F2BA931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C47A6A0E-84B9-4DE4-98EB-1065E18C2D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AA157F60-606D-4A5C-8437-D7970C7FA8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "87ED09DD-8305-4CF9-B174-644AC585C92B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF98D3C8-A0C6-46EA-9B62-3850868B36A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9BD24A82-0BF7-4B90-BA36-BD6AB204304B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0EA99D3C-21C0-4432-AE97-8F750C8D4D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "095A0E88-E216-4070-A458-8ED6041469B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9E0FDA1-5C75-4683-B24C-4486EC7E3E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CCD0F519-2B3B-4AF1-BC30-12B8F5F0F54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8376ED28-4A53-4E54-94C2-B1C2A744729B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "961D987E-71F7-4CF4-BDAA-0B6ABDEF05D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A584271A-0F2B-4B55-A14B-FA55BC8BD981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9D87AD83-B69E-4C79-9362-984FBD4096B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3930A258-9C03-49E0-B935-136847EF05E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7821B4A2-FFF5-4E2E-B360-9000DD0A1980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08254391-0BEC-4110-8AAF-44B66E76569B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6A8CCC02-5269-47CA-9DEE-FB9DF0AEAC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0BB6B9B5-9B85-49FC-83F6-3CD2C3B92D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A5627AF1-FB65-44F1-A7E2-98D6B2767887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AF23AD6E-B875-4895-BC82-EA6305927487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B8418157-E12F-4F97-9FAE-601C9BE25D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "270B4C0E-796A-43B3-B3BE-D8C0DF0C0F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E9FDB03C-8B6F-46B2-930A-BD105E41D2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9FA2AA37-6DA9-43D8-9D21-E1ECED85A509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5088B144-3349-4E6F-8978-B96FA7AC420F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08791B2A-6B2F-4BAE-9E9B-0B2E5F8B610D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A3067079-4CE4-4F29-BFDB-2CDACD003BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4CC183AB-16F7-4C43-8F2F-F7508005A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FB58D50B-68C3-40A3-8E0C-151511E22978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7v\\):*:*:*:*:*:*:*",
"matchCriteriaId": "693E0E3A-0AA3-4556-930F-79A13A4506ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0875EE60-A0CE-44C2-AE3A-42BF383BA710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8B412D14-9F6F-4608-8CF8-3AE74A694BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BB19FC9F-C52E-48B5-B6F5-5B39F016DC18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "091E80DF-2FCF-466D-8D41-A6F5513C0180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F1BBC0EE-5C05-4E88-95CC-2FEB7ABE95C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7587DDE3-79E4-4A7A-B02D-D407B99B6CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C4E68E4-7893-4DC3-9464-03689AEBB2BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3DE195AC-67AA-45CD-8F81-96B5B4859869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(4c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "35BFCBA5-DDA2-4DC6-BD12-CF1D58CB73F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "92295C80-3DEB-47C8-A26F-CFA156C88B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CD9A687B-642A-4646-A85C-8F5C41B8CD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "697D5222-9FDC-430A-B4AD-18C43606B59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4ABB3875-2D9B-4EF5-9DF5-0E7C2E180167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4D660DE6-B3F1-498D-9F0C-919D4FD81913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8BEE0A24-B301-4693-965B-9EDF4FB3E652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "832E8780-1C4F-42EE-B3DB-C36D5C39330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BA0E35AD-664F-4A1B-A651-9A6D6699133E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B487C5E8-FCDB-4EDC-85A0-69B9143B8C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1DA2E2F-D519-46E1-AF0F-1B068EE8CF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "19E2370A-EDBD-4F39-9AA2-BB1B48DBC6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B13102E2-A4B5-4E8E-AFBF-7D2824DF07D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1E304F25-6F50-4C86-B488-F3CB80601FC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A56BE783-4995-4EE9-90C8-6BAE73588A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EE12D57D-B08E-46DE-9048-F608B1D0432A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "36DD76D9-2703-40AF-B154-9F3A268473D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2AFA2721-32D2-4877-BCAB-8E965AAB0B28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CC4FB4EB-87BE-4A1B-AB68-9B12F2372090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8638CF95-3422-4F8D-AE5D-FF7F76BFC456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "857F16AE-D927-44E8-B268-F7A2FC4503B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B178BD85-E906-4D5E-9710-22C394038EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FC7D76A6-9CEF-4E74-A991-37725A46A045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "224C813A-61E2-4FE7-A012-8C50D90CB633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7D57E315-9795-4AB2-A36D-1979AA3B65E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "010B771A-30B2-4892-B028-08C9AEC170BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "94AEA808-C9C3-4C54-A717-6FB3BC4A32EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(1d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CA3ED35C-255F-43D3-A9A9-81AAEA1F3AFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B1284FC-805B-4C57-931A-BA422A648777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4BD6BCF2-81B0-4118-9C34-55AEFFAB62BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7CCD0606-F883-469B-BA82-B372B2F33D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8F69DA2D-379F-437A-9284-B5C98BC9F94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8D1FF93B-35F0-4CA9-8A7F-4B4B732A81D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F7699F8E-2A17-421E-8078-7EBECE7C2768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C01F1006-7409-459F-A947-7D68D483CCC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7839A222-2CC0-495D-97E6-2421BFB0B948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "11F64391-5096-478C-A955-169F4AEBDC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF29E5EB-2497-4136-9BC7-7E75A6180245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1B7CC4CE-1FF6-45BB-AAC7-367593586AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "64CFF745-E48F-44B9-8C22-12644F0FF06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(4c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "97954FE9-2CBF-4016-8FDD-CE7423A65BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F6714932-BC33-41D0-8032-7ED387C6F80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "23C425D3-CF4A-4D2D-9FD6-E7B9A9927ED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(6c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C91678F6-6BF7-4158-9FBD-6C439BE54D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(7e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "291A6AB2-121A-49AE-94E0-C9A76A87D48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7C4E7075-9EFE-4573-A5E5-F15E622A16A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.1\\(1f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0B3DA1C0-01DB-4773-81EC-A8574030FC59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root\u0026nbsp;on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la CLI de Cisco APIC podr\u00eda permitir que un atacante local autenticado ejecute comandos arbitrarios como superusuario en el sistema operativo subyacente de un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante debe tener credenciales administrativas v\u00e1lidas. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de los argumentos que se pasan a comandos CLI espec\u00edficos. Un atacante podr\u00eda explotar esta vulnerabilidad al incluir una entrada manipulada como argumento de un comando CLI afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante ejecute comandos arbitrarios en el sistema operativo subyacente con los privilegios de superusuario."
}
],
"id": "CVE-2025-20117",
"lastModified": "2025-07-31T17:37:13.113",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 4.2,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-26T17:15:22.567",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-20478
Vulnerability from fkie_nvd - Published: 2024-08-28 17:15 - Updated: 2025-08-01 15:26
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system.
This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root.
Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "59871F24-D47D-4D20-A8F7-D5F30D9288FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FFF54ABE-3471-4FC5-A1C3-80FF87DDF974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AFA3EEBB-D9FA-4B8D-AEF5-CBC8DACD42E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A2CEEF00-458D-461D-96FA-A378A22438C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8909CF82-A1A7-4B9B-A69F-85C2BD8CF832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6A38541B-FE5A-411B-BEB0-FF28AEEA17BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8773D588-6E96-4F6C-B618-F711B3BF04B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(2i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "073383DB-E3A5-4030-B8B3-D4CBE7EEB379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(3f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C11FB6E8-A139-40F7-A771-389BA5206AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1BBDC37-226D-4D8B-AD85-2B9A21ECC1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "03A764F1-A6EC-41A1-95DF-2E75F48CF636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C6AC80C5-C349-44D9-84D9-9DF6DCFD9F6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8F378194-2040-42E1-BACB-270126D1C6D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6D412265-25F9-4087-999E-561B0D96CAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BD8FA276-DDD5-48CF-9B4F-D0688E40A091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "04D19E1F-6B31-46AC-8FBC-30468E1A0F01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "82F31D0C-1807-473E-BE5E-4C945114EAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ED1EF0D6-094A-4699-803F-AB96CD113E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F8499179-7BD6-4605-A08E-54DC21D7496D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DE51A247-D9E3-4025-BBF7-BC68D8190121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B3448D83-84AE-4C06-BA71-4B4A24C7098C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE7121B8-8256-4B96-AA15-3262977FF65B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "26615E8A-C710-4881-88E4-D7DAD11BD034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5783EA56-51D4-467F-A42F-26F21CC2405F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AC7746A7-1BD2-4F3B-8E41-EFBA158792A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B404ABB6-2988-4973-81D0-ADB8FD6A03C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E2E1753-FBA2-4FB4-A08B-DA89CE015DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6202C8C1-4C32-4DB5-BAED-6492C5696FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "86123C20-F793-4C51-9AE2-5134D85A5824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1ADDABE6-F6E7-40D8-B722-62B9D60793A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "50B0249E-77A0-4F8D-91C2-CAE21172E318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DEF694D0-E231-454D-B7EB-BBBDE205C836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F9EA8960-D815-429B-8B4C-D6163D00FF1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3B3D7910-9457-4D33-A5C7-56D7DFBE7AB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C3965A0E-FFCC-48E4-9EA7-78D00D5D25B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E2A22792-0E25-49DD-AC19-2649FEE8B723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E1D72E2F-A407-4769-A1A4-49553326C9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AC0BA53B-3060-474A-8A2A-9742279040C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "872548A1-4BCC-4DC5-AF3D-88A28F27DE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7B68FDB0-6B31-4EE5-838A-27BA051043BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F38745F6-759E-405B-86A1-EAB235757598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ABD945AD-C130-44C0-A6EB-AE95996F6BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "63EDC24A-8AFF-4F35-8E7B-8BF7D0102715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E2A2EA0E-862E-412A-A800-975393886880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F71ECF47-CACB-4CF1-8E7E-5A50F8B7F237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DE4484C5-50D6-466A-99AE-FE4AC6B7F50F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "252701EC-C44C-4494-B13D-294C8D7FCF22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "42E5CF24-2BED-47EF-8F20-DCAF6BED4BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8C041B68-4A70-4524-9654-9A9BFF39166A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2152CDF7-C8E0-45EB-88E6-C2A6D5B2DF47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B611E80F-EA2E-4D7E-81AD-7D3A72F6E9E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B25E0AD-D545-4A7E-A608-E62698E911FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EE408917-A902-4634-9906-07A32CBB124B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4FB3658C-9F99-4823-9A08-E97A06668393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "291998AB-5957-4CC1-BD3D-996F0764AD70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B2315776-4D74-4672-B1D3-2642665B1E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "37E09919-80A7-48D4-AEDD-35E730AD09AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F362B8CA-C81A-4E74-905C-F260C6E1EA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E851F59D-8A0F-4970-8119-BD56C288FA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B127F37A-FCEE-4C6E-8B5A-4A895975151E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(4a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F358540C-2EA5-4F71-9271-A0DA74B7A5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1ADFFE45-ED23-4CF7-AE04-6F0D2C2B545D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EA219653-6F5A-488F-9EFC-435FD8F85E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2C46B1A5-155F-4767-AB25-615070B55D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C4EF3DD8-34EE-40EE-B000-A2BFDDDA8F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AB155994-1A3C-4D6A-8DB2-F2AE2DFAF14B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C6730F80-A0AD-4892-BD71-7978AC375923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "41C79CC4-A070-4DC0-BD9B-6B33539D0869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F0DFDEE6-C3F0-4B79-96B7-066A51684A97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "309CBE89-4F35-4463-B6C9-23D4C5994AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8F7E95FF-3748-4E36-BE31-B3708C1B9EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "87EF7A09-EA93-462F-B6F2-74F1FBC77C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "30C5CEC7-D8DC-412C-9A11-FA43FD0A135C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1A7C3803-06E7-4537-ABF1-C1F8BC057FB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C724B36D-59DE-4271-AFE3-6EF457943297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "015F7055-A245-4121-86A8-8A2EACDFFD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "750463F9-AB39-40C6-B09E-A6B8D9E188BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "11C9AB94-BAB7-4901-A543-0766AF8B5905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "59C18719-C70A-4035-9E33-B6BCBB32569F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ED195134-3A89-4799-8D61-1556F4AC75B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "956BE54B-D4BF-472E-BA3C-3A5D62B07478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2422C229-9EFB-4E45-8F46-59B2B56E5D84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ED836EFF-3683-4570-A07A-69B25D158AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "636B6C27-649B-4BD9-82B8-107C7B80167B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E70B6A71-E2EB-499B-BEED-3AFD26156376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5EAA91B4-EE42-480A-A18F-AE92951F242F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4A144290-A7C8-4534-AFCC-2AF372D53022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "442E6989-98AD-41C3-B585-CEF3AFEE1C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "80CF50E4-3BF7-4E0A-A5E8-1E12088F31BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D7311AC8-E3A9-425E-BFBE-AAC76460EFCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2126ED56-1718-430D-994A-3A141CDA8435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7C925A0A-BB63-47AE-A8BE-283C6C4F6F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E528E32E-EED8-4FBD-A5E7-A4210B8DC27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "347BECFB-3E74-4227-A959-133F0CECFEA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4B649677-4967-4B9D-B051-F3FC424DB16E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ED20238B-506D-4BC3-9D21-E36AE6D72C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B12952D7-A833-4D07-A9A4-DC8C37337EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA3003DF-C6F4-4BC2-9FA3-E6ED71FC2DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7D58B016-88D0-4B01-9E27-488F0C07BB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2v\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4299A189-73E4-4C7A-B7F4-AFB878CB74DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B98F6DE0-E0BB-4964-8A05-C65F5165621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D70E3895-DCB3-4172-B98C-6E40F0A4F418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6CAD7459-DE32-4CCD-8FD9-E51E78F5E6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AB7047CE-3246-4148-A976-816F52955EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "195681EC-2C51-4E03-9D6B-98775F91CCDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2159857F-B8BA-4C08-B3B0-F94D391A6396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3110702B-17B0-4CC0-ACF1-373E46B434B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B4DC07AC-B0E9-4963-843E-FFA9461FFBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "99D0E93D-8D70-4232-85B5-916DF9094FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "43499579-9B0B-439E-8E75-18E7B42799FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D7F5A4B6-B2E7-419F-A051-CBA3EC4A36C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "41FEF58C-6E55-4B50-A26A-0D6CC162572B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AFD7A2FE-4858-4929-98CF-D830D5ADC570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF6ABA87-08F5-4C89-B0A2-D209B6305E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "01076AAB-79F9-40B8-BE1F-411EED87867A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(6i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76E4E4F2-9567-471E-AC73-5CD6AD338C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEAD3085-3271-4E28-9E55-2ED813D796F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "80ADB11A-4D8C-4C2D-A483-E5BCD0B52B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF518C44-E1F8-4443-9D73-D620158E7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "569D4548-EE9D-4F33-A6EE-21A7ADF2514E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46F2A714-DA33-449E-9C99-C8D8C15647D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A36D5184-55D1-4CBA-91BC-5E077FB07E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D155016D-6988-4489-A4A1-BFDFB8F702A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C036D5F-67EE-45CE-8D47-2BF483A14922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B468C9AE-396E-445B-AC5D-EAB1BB8EDFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(41d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3686F336-5D02-4984-B465-762EA7AB747D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DA2A1A67-093B-4B8D-92EC-74BBDEDC91AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(2c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E6D53DB7-C376-481B-9FF5-745290EE2F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A59205CF-AB56-4902-BE58-2823B432A32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF203A26-8EE3-4570-89EB-2C06F228222D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0530224D-F85F-41CD-ADF9-29DF060C3BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "807B4B19-7346-4F9A-AC07-ACC9F1AE145E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5775342D-C7A7-454E-BE3C-D0BF0C045C20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9496DBE9-0688-49F4-9A13-6AB427BB3663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2DFEF7C4-26F5-4F58-9063-811247E40EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9863BBC-56C8-44FC-B30A-5D12C74B3779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4E54667F-863C-4FC7-8DF2-5515D6766B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "93D1B627-4C61-4A86-8C39-D5C1152F0EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "632F2791-A9E9-4902-9F5F-51F5D8A025AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "511B92C9-9E6D-4919-9CF3-BCAE7802B5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "69D2E5F9-6A86-4F9A-9E71-BA682301D1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2x\\):*:*:*:*:*:*:*",
"matchCriteriaId": "706A76CD-F18D-4B95-B996-B0160A91CD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46CDDD7F-018A-4AD7-BBE2-F8602F2BA931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C47A6A0E-84B9-4DE4-98EB-1065E18C2D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AA157F60-606D-4A5C-8437-D7970C7FA8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "87ED09DD-8305-4CF9-B174-644AC585C92B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF98D3C8-A0C6-46EA-9B62-3850868B36A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9BD24A82-0BF7-4B90-BA36-BD6AB204304B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0EA99D3C-21C0-4432-AE97-8F750C8D4D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "095A0E88-E216-4070-A458-8ED6041469B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9E0FDA1-5C75-4683-B24C-4486EC7E3E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CCD0F519-2B3B-4AF1-BC30-12B8F5F0F54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8376ED28-4A53-4E54-94C2-B1C2A744729B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "961D987E-71F7-4CF4-BDAA-0B6ABDEF05D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A584271A-0F2B-4B55-A14B-FA55BC8BD981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9D87AD83-B69E-4C79-9362-984FBD4096B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3930A258-9C03-49E0-B935-136847EF05E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7821B4A2-FFF5-4E2E-B360-9000DD0A1980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08254391-0BEC-4110-8AAF-44B66E76569B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6A8CCC02-5269-47CA-9DEE-FB9DF0AEAC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0BB6B9B5-9B85-49FC-83F6-3CD2C3B92D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A5627AF1-FB65-44F1-A7E2-98D6B2767887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AF23AD6E-B875-4895-BC82-EA6305927487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B8418157-E12F-4F97-9FAE-601C9BE25D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "270B4C0E-796A-43B3-B3BE-D8C0DF0C0F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E9FDB03C-8B6F-46B2-930A-BD105E41D2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9FA2AA37-6DA9-43D8-9D21-E1ECED85A509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5088B144-3349-4E6F-8978-B96FA7AC420F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08791B2A-6B2F-4BAE-9E9B-0B2E5F8B610D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A3067079-4CE4-4F29-BFDB-2CDACD003BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4CC183AB-16F7-4C43-8F2F-F7508005A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FB58D50B-68C3-40A3-8E0C-151511E22978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7v\\):*:*:*:*:*:*:*",
"matchCriteriaId": "693E0E3A-0AA3-4556-930F-79A13A4506ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0875EE60-A0CE-44C2-AE3A-42BF383BA710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8B412D14-9F6F-4608-8CF8-3AE74A694BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BB19FC9F-C52E-48B5-B6F5-5B39F016DC18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "091E80DF-2FCF-466D-8D41-A6F5513C0180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F1BBC0EE-5C05-4E88-95CC-2FEB7ABE95C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7587DDE3-79E4-4A7A-B02D-D407B99B6CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C4E68E4-7893-4DC3-9464-03689AEBB2BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3DE195AC-67AA-45CD-8F81-96B5B4859869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(4c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "35BFCBA5-DDA2-4DC6-BD12-CF1D58CB73F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "92295C80-3DEB-47C8-A26F-CFA156C88B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CD9A687B-642A-4646-A85C-8F5C41B8CD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "697D5222-9FDC-430A-B4AD-18C43606B59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4ABB3875-2D9B-4EF5-9DF5-0E7C2E180167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4D660DE6-B3F1-498D-9F0C-919D4FD81913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8BEE0A24-B301-4693-965B-9EDF4FB3E652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "832E8780-1C4F-42EE-B3DB-C36D5C39330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BA0E35AD-664F-4A1B-A651-9A6D6699133E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B487C5E8-FCDB-4EDC-85A0-69B9143B8C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1DA2E2F-D519-46E1-AF0F-1B068EE8CF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "19E2370A-EDBD-4F39-9AA2-BB1B48DBC6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B13102E2-A4B5-4E8E-AFBF-7D2824DF07D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1E304F25-6F50-4C86-B488-F3CB80601FC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A56BE783-4995-4EE9-90C8-6BAE73588A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EE12D57D-B08E-46DE-9048-F608B1D0432A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "36DD76D9-2703-40AF-B154-9F3A268473D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2AFA2721-32D2-4877-BCAB-8E965AAB0B28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CC4FB4EB-87BE-4A1B-AB68-9B12F2372090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8638CF95-3422-4F8D-AE5D-FF7F76BFC456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "857F16AE-D927-44E8-B268-F7A2FC4503B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B178BD85-E906-4D5E-9710-22C394038EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FC7D76A6-9CEF-4E74-A991-37725A46A045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "224C813A-61E2-4FE7-A012-8C50D90CB633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7D57E315-9795-4AB2-A36D-1979AA3B65E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "010B771A-30B2-4892-B028-08C9AEC170BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "94AEA808-C9C3-4C54-A717-6FB3BC4A32EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(1d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CA3ED35C-255F-43D3-A9A9-81AAEA1F3AFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B1284FC-805B-4C57-931A-BA422A648777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4BD6BCF2-81B0-4118-9C34-55AEFFAB62BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7CCD0606-F883-469B-BA82-B372B2F33D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F7699F8E-2A17-421E-8078-7EBECE7C2768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C01F1006-7409-459F-A947-7D68D483CCC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7839A222-2CC0-495D-97E6-2421BFB0B948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "11F64391-5096-478C-A955-169F4AEBDC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF29E5EB-2497-4136-9BC7-7E75A6180245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1B7CC4CE-1FF6-45BB-AAC7-367593586AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "64CFF745-E48F-44B9-8C22-12644F0FF06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(4c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "97954FE9-2CBF-4016-8FDD-CE7423A65BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F6714932-BC33-41D0-8032-7ED387C6F80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "23C425D3-CF4A-4D2D-9FD6-E7B9A9927ED7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco\u0026nbsp;Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system.\r\n\r\nThis vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root.\r\nNote: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente de actualizaci\u00f3n de software de Cisco Application Policy Infrastructure Controller (APIC) y Cisco Cloud Network Controller, anteriormente Cisco Cloud APIC, podr\u00eda permitir que un atacante remoto autenticado con privilegios de nivel de administrador instale una imagen de software modificada, lo que lleva a la inyecci\u00f3n de c\u00f3digo arbitrario en un sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n de firma insuficiente de las im\u00e1genes de software. Un atacante podr\u00eda aprovechar esta vulnerabilidad instalando una imagen de software modificada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario en el sistema afectado y elevar sus privilegios a superusuario. Nota: Los administradores siempre deben validar el hash de cualquier imagen de actualizaci\u00f3n antes de cargarla en Cisco APIC y Cisco Cloud Network Controller."
}
],
"id": "CVE-2024-20478",
"lastModified": "2025-08-01T15:26:11.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-28T17:15:10.220",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-priv-esc-uYQJjnuU"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-20279
Vulnerability from fkie_nvd - Published: 2024-08-28 17:15 - Updated: 2025-08-01 15:26
Severity ?
Summary
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "59871F24-D47D-4D20-A8F7-D5F30D9288FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FFF54ABE-3471-4FC5-A1C3-80FF87DDF974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AFA3EEBB-D9FA-4B8D-AEF5-CBC8DACD42E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A2CEEF00-458D-461D-96FA-A378A22438C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8909CF82-A1A7-4B9B-A69F-85C2BD8CF832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6A38541B-FE5A-411B-BEB0-FF28AEEA17BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8773D588-6E96-4F6C-B618-F711B3BF04B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(2i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "073383DB-E3A5-4030-B8B3-D4CBE7EEB379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(3f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C11FB6E8-A139-40F7-A771-389BA5206AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1BBDC37-226D-4D8B-AD85-2B9A21ECC1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "03A764F1-A6EC-41A1-95DF-2E75F48CF636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C6AC80C5-C349-44D9-84D9-9DF6DCFD9F6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8F378194-2040-42E1-BACB-270126D1C6D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6D412265-25F9-4087-999E-561B0D96CAF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BD8FA276-DDD5-48CF-9B4F-D0688E40A091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "04D19E1F-6B31-46AC-8FBC-30468E1A0F01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "82F31D0C-1807-473E-BE5E-4C945114EAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ED1EF0D6-094A-4699-803F-AB96CD113E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F8499179-7BD6-4605-A08E-54DC21D7496D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DE51A247-D9E3-4025-BBF7-BC68D8190121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B3448D83-84AE-4C06-BA71-4B4A24C7098C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE7121B8-8256-4B96-AA15-3262977FF65B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "26615E8A-C710-4881-88E4-D7DAD11BD034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5783EA56-51D4-467F-A42F-26F21CC2405F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AC7746A7-1BD2-4F3B-8E41-EFBA158792A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B404ABB6-2988-4973-81D0-ADB8FD6A03C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E2E1753-FBA2-4FB4-A08B-DA89CE015DD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6202C8C1-4C32-4DB5-BAED-6492C5696FDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "86123C20-F793-4C51-9AE2-5134D85A5824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1ADDABE6-F6E7-40D8-B722-62B9D60793A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "50B0249E-77A0-4F8D-91C2-CAE21172E318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DEF694D0-E231-454D-B7EB-BBBDE205C836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F9EA8960-D815-429B-8B4C-D6163D00FF1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3B3D7910-9457-4D33-A5C7-56D7DFBE7AB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C3965A0E-FFCC-48E4-9EA7-78D00D5D25B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E2A22792-0E25-49DD-AC19-2649FEE8B723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E1D72E2F-A407-4769-A1A4-49553326C9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AC0BA53B-3060-474A-8A2A-9742279040C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "872548A1-4BCC-4DC5-AF3D-88A28F27DE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7B68FDB0-6B31-4EE5-838A-27BA051043BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F38745F6-759E-405B-86A1-EAB235757598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ABD945AD-C130-44C0-A6EB-AE95996F6BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "63EDC24A-8AFF-4F35-8E7B-8BF7D0102715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E2A2EA0E-862E-412A-A800-975393886880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F71ECF47-CACB-4CF1-8E7E-5A50F8B7F237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DE4484C5-50D6-466A-99AE-FE4AC6B7F50F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "252701EC-C44C-4494-B13D-294C8D7FCF22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "42E5CF24-2BED-47EF-8F20-DCAF6BED4BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8C041B68-4A70-4524-9654-9A9BFF39166A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2152CDF7-C8E0-45EB-88E6-C2A6D5B2DF47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B611E80F-EA2E-4D7E-81AD-7D3A72F6E9E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B25E0AD-D545-4A7E-A608-E62698E911FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EE408917-A902-4634-9906-07A32CBB124B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4FB3658C-9F99-4823-9A08-E97A06668393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "291998AB-5957-4CC1-BD3D-996F0764AD70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B2315776-4D74-4672-B1D3-2642665B1E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "37E09919-80A7-48D4-AEDD-35E730AD09AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F362B8CA-C81A-4E74-905C-F260C6E1EA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E851F59D-8A0F-4970-8119-BD56C288FA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B127F37A-FCEE-4C6E-8B5A-4A895975151E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(4a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F358540C-2EA5-4F71-9271-A0DA74B7A5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1ADFFE45-ED23-4CF7-AE04-6F0D2C2B545D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EA219653-6F5A-488F-9EFC-435FD8F85E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2C46B1A5-155F-4767-AB25-615070B55D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C4EF3DD8-34EE-40EE-B000-A2BFDDDA8F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AB155994-1A3C-4D6A-8DB2-F2AE2DFAF14B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C6730F80-A0AD-4892-BD71-7978AC375923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "41C79CC4-A070-4DC0-BD9B-6B33539D0869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F0DFDEE6-C3F0-4B79-96B7-066A51684A97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "309CBE89-4F35-4463-B6C9-23D4C5994AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8F7E95FF-3748-4E36-BE31-B3708C1B9EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "87EF7A09-EA93-462F-B6F2-74F1FBC77C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "30C5CEC7-D8DC-412C-9A11-FA43FD0A135C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1A7C3803-06E7-4537-ABF1-C1F8BC057FB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C724B36D-59DE-4271-AFE3-6EF457943297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "015F7055-A245-4121-86A8-8A2EACDFFD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "750463F9-AB39-40C6-B09E-A6B8D9E188BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "11C9AB94-BAB7-4901-A543-0766AF8B5905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "59C18719-C70A-4035-9E33-B6BCBB32569F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ED195134-3A89-4799-8D61-1556F4AC75B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "956BE54B-D4BF-472E-BA3C-3A5D62B07478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2422C229-9EFB-4E45-8F46-59B2B56E5D84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ED836EFF-3683-4570-A07A-69B25D158AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "636B6C27-649B-4BD9-82B8-107C7B80167B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E70B6A71-E2EB-499B-BEED-3AFD26156376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5EAA91B4-EE42-480A-A18F-AE92951F242F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4A144290-A7C8-4534-AFCC-2AF372D53022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "442E6989-98AD-41C3-B585-CEF3AFEE1C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "80CF50E4-3BF7-4E0A-A5E8-1E12088F31BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D7311AC8-E3A9-425E-BFBE-AAC76460EFCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2126ED56-1718-430D-994A-3A141CDA8435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7C925A0A-BB63-47AE-A8BE-283C6C4F6F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E528E32E-EED8-4FBD-A5E7-A4210B8DC27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "347BECFB-3E74-4227-A959-133F0CECFEA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4B649677-4967-4B9D-B051-F3FC424DB16E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ED20238B-506D-4BC3-9D21-E36AE6D72C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B12952D7-A833-4D07-A9A4-DC8C37337EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA3003DF-C6F4-4BC2-9FA3-E6ED71FC2DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7D58B016-88D0-4B01-9E27-488F0C07BB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2v\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4299A189-73E4-4C7A-B7F4-AFB878CB74DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B98F6DE0-E0BB-4964-8A05-C65F5165621B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D70E3895-DCB3-4172-B98C-6E40F0A4F418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6CAD7459-DE32-4CCD-8FD9-E51E78F5E6A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AB7047CE-3246-4148-A976-816F52955EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "195681EC-2C51-4E03-9D6B-98775F91CCDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2159857F-B8BA-4C08-B3B0-F94D391A6396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3110702B-17B0-4CC0-ACF1-373E46B434B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B4DC07AC-B0E9-4963-843E-FFA9461FFBB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "99D0E93D-8D70-4232-85B5-916DF9094FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "43499579-9B0B-439E-8E75-18E7B42799FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D7F5A4B6-B2E7-419F-A051-CBA3EC4A36C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "41FEF58C-6E55-4B50-A26A-0D6CC162572B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AFD7A2FE-4858-4929-98CF-D830D5ADC570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF6ABA87-08F5-4C89-B0A2-D209B6305E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "01076AAB-79F9-40B8-BE1F-411EED87867A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(6i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76E4E4F2-9567-471E-AC73-5CD6AD338C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEAD3085-3271-4E28-9E55-2ED813D796F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "80ADB11A-4D8C-4C2D-A483-E5BCD0B52B45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF518C44-E1F8-4443-9D73-D620158E7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "569D4548-EE9D-4F33-A6EE-21A7ADF2514E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46F2A714-DA33-449E-9C99-C8D8C15647D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A36D5184-55D1-4CBA-91BC-5E077FB07E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D155016D-6988-4489-A4A1-BFDFB8F702A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C036D5F-67EE-45CE-8D47-2BF483A14922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B468C9AE-396E-445B-AC5D-EAB1BB8EDFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(41d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3686F336-5D02-4984-B465-762EA7AB747D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DA2A1A67-093B-4B8D-92EC-74BBDEDC91AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(2c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E6D53DB7-C376-481B-9FF5-745290EE2F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A59205CF-AB56-4902-BE58-2823B432A32C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF203A26-8EE3-4570-89EB-2C06F228222D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0530224D-F85F-41CD-ADF9-29DF060C3BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "807B4B19-7346-4F9A-AC07-ACC9F1AE145E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5775342D-C7A7-454E-BE3C-D0BF0C045C20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9496DBE9-0688-49F4-9A13-6AB427BB3663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2DFEF7C4-26F5-4F58-9063-811247E40EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9863BBC-56C8-44FC-B30A-5D12C74B3779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4E54667F-863C-4FC7-8DF2-5515D6766B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "93D1B627-4C61-4A86-8C39-D5C1152F0EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "632F2791-A9E9-4902-9F5F-51F5D8A025AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "511B92C9-9E6D-4919-9CF3-BCAE7802B5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "69D2E5F9-6A86-4F9A-9E71-BA682301D1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2x\\):*:*:*:*:*:*:*",
"matchCriteriaId": "706A76CD-F18D-4B95-B996-B0160A91CD7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46CDDD7F-018A-4AD7-BBE2-F8602F2BA931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C47A6A0E-84B9-4DE4-98EB-1065E18C2D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AA157F60-606D-4A5C-8437-D7970C7FA8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "87ED09DD-8305-4CF9-B174-644AC585C92B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF98D3C8-A0C6-46EA-9B62-3850868B36A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9BD24A82-0BF7-4B90-BA36-BD6AB204304B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0EA99D3C-21C0-4432-AE97-8F750C8D4D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "095A0E88-E216-4070-A458-8ED6041469B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9E0FDA1-5C75-4683-B24C-4486EC7E3E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CCD0F519-2B3B-4AF1-BC30-12B8F5F0F54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8376ED28-4A53-4E54-94C2-B1C2A744729B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "961D987E-71F7-4CF4-BDAA-0B6ABDEF05D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A584271A-0F2B-4B55-A14B-FA55BC8BD981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9D87AD83-B69E-4C79-9362-984FBD4096B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4p\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3930A258-9C03-49E0-B935-136847EF05E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7821B4A2-FFF5-4E2E-B360-9000DD0A1980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08254391-0BEC-4110-8AAF-44B66E76569B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6A8CCC02-5269-47CA-9DEE-FB9DF0AEAC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0BB6B9B5-9B85-49FC-83F6-3CD2C3B92D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A5627AF1-FB65-44F1-A7E2-98D6B2767887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AF23AD6E-B875-4895-BC82-EA6305927487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B8418157-E12F-4F97-9FAE-601C9BE25D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6o\\):*:*:*:*:*:*:*",
"matchCriteriaId": "270B4C0E-796A-43B3-B3BE-D8C0DF0C0F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E9FDB03C-8B6F-46B2-930A-BD105E41D2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9FA2AA37-6DA9-43D8-9D21-E1ECED85A509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7q\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5088B144-3349-4E6F-8978-B96FA7AC420F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7r\\):*:*:*:*:*:*:*",
"matchCriteriaId": "08791B2A-6B2F-4BAE-9E9B-0B2E5F8B610D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7s\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A3067079-4CE4-4F29-BFDB-2CDACD003BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7t\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4CC183AB-16F7-4C43-8F2F-F7508005A82B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7u\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FB58D50B-68C3-40A3-8E0C-151511E22978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7v\\):*:*:*:*:*:*:*",
"matchCriteriaId": "693E0E3A-0AA3-4556-930F-79A13A4506ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7w\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0875EE60-A0CE-44C2-AE3A-42BF383BA710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8B412D14-9F6F-4608-8CF8-3AE74A694BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BB19FC9F-C52E-48B5-B6F5-5B39F016DC18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "091E80DF-2FCF-466D-8D41-A6F5513C0180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F1BBC0EE-5C05-4E88-95CC-2FEB7ABE95C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7587DDE3-79E4-4A7A-B02D-D407B99B6CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C4E68E4-7893-4DC3-9464-03689AEBB2BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3DE195AC-67AA-45CD-8F81-96B5B4859869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(4c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "35BFCBA5-DDA2-4DC6-BD12-CF1D58CB73F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "92295C80-3DEB-47C8-A26F-CFA156C88B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CD9A687B-642A-4646-A85C-8F5C41B8CD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "697D5222-9FDC-430A-B4AD-18C43606B59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4ABB3875-2D9B-4EF5-9DF5-0E7C2E180167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4D660DE6-B3F1-498D-9F0C-919D4FD81913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8BEE0A24-B301-4693-965B-9EDF4FB3E652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "832E8780-1C4F-42EE-B3DB-C36D5C39330A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BA0E35AD-664F-4A1B-A651-9A6D6699133E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B487C5E8-FCDB-4EDC-85A0-69B9143B8C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1DA2E2F-D519-46E1-AF0F-1B068EE8CF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "19E2370A-EDBD-4F39-9AA2-BB1B48DBC6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B13102E2-A4B5-4E8E-AFBF-7D2824DF07D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1E304F25-6F50-4C86-B488-F3CB80601FC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A56BE783-4995-4EE9-90C8-6BAE73588A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EE12D57D-B08E-46DE-9048-F608B1D0432A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "36DD76D9-2703-40AF-B154-9F3A268473D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2AFA2721-32D2-4877-BCAB-8E965AAB0B28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CC4FB4EB-87BE-4A1B-AB68-9B12F2372090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8638CF95-3422-4F8D-AE5D-FF7F76BFC456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "857F16AE-D927-44E8-B268-F7A2FC4503B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B178BD85-E906-4D5E-9710-22C394038EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FC7D76A6-9CEF-4E74-A991-37725A46A045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "224C813A-61E2-4FE7-A012-8C50D90CB633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7D57E315-9795-4AB2-A36D-1979AA3B65E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "010B771A-30B2-4892-B028-08C9AEC170BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "94AEA808-C9C3-4C54-A717-6FB3BC4A32EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(1d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CA3ED35C-255F-43D3-A9A9-81AAEA1F3AFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B1284FC-805B-4C57-931A-BA422A648777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4BD6BCF2-81B0-4118-9C34-55AEFFAB62BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F7699F8E-2A17-421E-8078-7EBECE7C2768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C01F1006-7409-459F-A947-7D68D483CCC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7839A222-2CC0-495D-97E6-2421BFB0B948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "11F64391-5096-478C-A955-169F4AEBDC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF29E5EB-2497-4136-9BC7-7E75A6180245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1B7CC4CE-1FF6-45BB-AAC7-367593586AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "64CFF745-E48F-44B9-8C22-12644F0FF06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(4c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "97954FE9-2CBF-4016-8FDD-CE7423A65BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F6714932-BC33-41D0-8032-7ED387C6F80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "23C425D3-CF4A-4D2D-9FD6-E7B9A9927ED7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system.\u0026nbsp;This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that an attacker has no authorization to access."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n del dominio de seguridad restringido de Cisco Application Policy Infrastructure Controller (APIC) podr\u00eda permitir que un atacante remoto autenticado modifique el comportamiento de las pol\u00edticas predeterminadas del sistema, como las pol\u00edticas de calidad de servicio (QoS), en un sistema afectado. Esta vulnerabilidad se debe a un control de acceso inadecuado cuando se utilizan dominios de seguridad restringidos para implementar la multi-tenencia. Un atacante con una cuenta de usuario v\u00e1lida asociada con un dominio de seguridad restringido podr\u00eda aprovechar esta vulnerabilidad. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante leer, modificar o eliminar pol\u00edticas secundarias creadas bajo pol\u00edticas predeterminadas del sistema, que son utilizadas impl\u00edcitamente por todos los inquilinos en la estructura, lo que provoca la interrupci\u00f3n del tr\u00e1fico de la red. La explotaci\u00f3n no es posible para las pol\u00edticas bajo inquilinos a los que un atacante no tiene autorizaci\u00f3n para acceder."
}
],
"id": "CVE-2024-20279",
"lastModified": "2025-08-01T15:26:46.660",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-08-28T17:15:06.113",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-cousmo-uBpBYGbq"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-20230
Vulnerability from fkie_nvd - Published: 2023-08-23 19:15 - Updated: 2024-11-21 07:40
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system.
This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | application_policy_infrastructure_controller | * | |
| cisco | application_policy_infrastructure_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DF423B-F7E4-4B50-A430-B458CE03DBAE",
"versionEndExcluding": "5.2\\(8d\\)",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBAD823C-A857-4155-82EF-7514CD20AEA0",
"versionEndExcluding": "6.0\\(3d\\)",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system.\r\n\r This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access."
}
],
"id": "CVE-2023-20230",
"lastModified": "2024-11-21T07:40:56.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-23T19:15:08.133",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-uapa-F4TAShk"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-uapa-F4TAShk"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-20011
Vulnerability from fkie_nvd - Published: 2023-02-23 20:15 - Updated: 2024-11-21 07:40
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | application_policy_infrastructure_controller | * | |
| cisco | application_policy_infrastructure_controller | * | |
| cisco | cloud_network_controller | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD458F3-D3E4-4F9B-82FE-B58AD6DF1EB1",
"versionEndExcluding": "5.2\\(7g\\)",
"versionStartIncluding": "4.2\\(6\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20617C7E-820F-460A-9EC1-A240C7163AC6",
"versionEndExcluding": "6.0\\(2h\\)",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_network_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD04E51-95F2-4E55-A52B-D8B35C7BDA26",
"versionEndExcluding": "25.0\\(5\\)",
"versionStartIncluding": "4.2\\(6\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts."
}
],
"id": "CVE-2023-20011",
"lastModified": "2024-11-21T07:40:20.303",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-23T20:15:13.090",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-1580
Vulnerability from fkie_nvd - Published: 2021-08-25 20:15 - Updated: 2024-11-21 05:44
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBD10720-FB92-47CF-9F2B-90D09945DE86",
"versionEndExcluding": "3.2\\(10e\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9513E4-EC22-40D0-9339-49926BEB9947",
"versionEndExcluding": "4.2\\(6h\\)",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DEF7843-7BCB-47A7-AD56-A102AC67BD47",
"versionEndExcluding": "5.1\\(3e\\)",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09451843-4634-4B4F-B005-7CB1747B244D",
"versionEndExcluding": "3.2\\(10e\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAA718C7-5A6D-406A-9AC7-E339BB652F0C",
"versionEndExcluding": "4.2\\(6h\\)",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCB6614-D3C4-46A9-88D5-00D28E74485D",
"versionEndExcluding": "5.1\\(3e\\)",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la interfaz de usuario web y los endpoints de la API de Cisco Application Policy Infrastructure Controller (APIC) o Cisco Cloud APIC podr\u00edan permitir a un atacante remoto llevar a cabo un ataque de inyecci\u00f3n de comandos o de carga de archivos en un sistema afectado. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso."
}
],
"id": "CVE-2021-1580",
"lastModified": "2024-11-21T05:44:40.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-25T20:15:10.493",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-1578
Vulnerability from fkie_nvd - Published: 2021-08-25 20:15 - Updated: 2024-11-21 05:44
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device. This vulnerability is due to an improper policy default setting. An attacker could exploit this vulnerability by using a non-privileged credential for Cisco ACI Multi-Site Orchestrator (MSO) to send a specific API request to a managed Cisco APIC or Cloud APIC device. A successful exploit could allow the attacker to obtain Administrator credentials on the affected device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | application_policy_infrastructure_controller | * | |
| cisco | application_policy_infrastructure_controller | 5.0\(2h\) | |
| cisco | cloud_application_policy_infrastructure_controller | * | |
| cisco | cloud_application_policy_infrastructure_controller | 5.0\(2h\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6249DC9-27F1-4654-AA22-AC5653C304F7",
"versionEndIncluding": "5.1\\(3e\\)",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F1BBC0EE-5C05-4E88-95CC-2FEB7ABE95C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55C30D3C-ED14-4167-AF88-306D1E79A570",
"versionEndIncluding": "5.1\\(3e\\)",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:5.0\\(2h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A6E3BDEB-E94E-4957-8BAB-DECCECADF481",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device. This vulnerability is due to an improper policy default setting. An attacker could exploit this vulnerability by using a non-privileged credential for Cisco ACI Multi-Site Orchestrator (MSO) to send a specific API request to a managed Cisco APIC or Cloud APIC device. A successful exploit could allow the attacker to obtain Administrator credentials on the affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en un endpoint de la API de Cisco Application Policy Infrastructure Controller (APIC) y Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) podr\u00eda permitir a un atacante remoto autenticado elevar los privilegios a Administrador en un dispositivo afectado. Esta vulnerabilidad es debido a una configuraci\u00f3n inapropiada de la pol\u00edtica predeterminada. Un atacante podr\u00eda explotar esta vulnerabilidad al usar una credencial sin privilegios para Cisco ACI Multi-Site Orchestrator (MSO) para enviar una petici\u00f3n de API espec\u00edfica a un dispositivo manejado por Cisco APIC o Cloud APIC. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante obtener credenciales de Administrador en el dispositivo afectado."
}
],
"id": "CVE-2021-1578",
"lastModified": "2024-11-21T05:44:39.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-25T20:15:10.080",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-pesc-pkmGK4J"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-pesc-pkmGK4J"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-636"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-1582
Vulnerability from fkie_nvd - Published: 2021-08-25 20:15 - Updated: 2024-11-21 05:44
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by sending malicious input to the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E54A7EC-C94D-450D-913C-DECBCBE3E840",
"versionEndExcluding": "3.2\\(10f\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE6370F4-3207-4AEB-96A8-C62A2DC8462E",
"versionEndExcluding": "4.2\\(7i\\)",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC568558-0F41-4B14-81D5-AB7CD330E57C",
"versionEndExcluding": "5.2\\(2f\\)",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD196DC-2522-46EA-BD15-5B6F7528B073",
"versionEndExcluding": "3.2\\(10f\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE46C997-7504-49BC-BADF-F115A62E4A6D",
"versionEndExcluding": "4.2\\(7i\\)",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E0F5D2F-81FB-4597-B717-F16C44A65F69",
"versionEndExcluding": "5.2\\(1h\\)",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by sending malicious input to the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de usuario web de Cisco Application Policy Infrastructure Controller (APIC) o Cisco Cloud APIC podr\u00eda permitir a un atacante remoto autenticado llevar a cabo un ataque de tipo cross-site scripting almacenado en un sistema afectado. Esta vulnerabilidad es debido a una comprobaci\u00f3n inapropiada de entradas en la interfaz de usuario web. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de entradas maliciosas a la interfaz web. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz basada en la web o acceder a informaci\u00f3n confidencial basada en el navegador."
}
],
"id": "CVE-2021-1582",
"lastModified": "2024-11-21T05:44:40.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-25T20:15:10.697",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-scss-bFT75YrM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-scss-bFT75YrM"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-1579
Vulnerability from fkie_nvd - Published: 2021-08-25 20:15 - Updated: 2024-11-21 05:44
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E54A7EC-C94D-450D-913C-DECBCBE3E840",
"versionEndExcluding": "3.2\\(10f\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1907FF-8F31-42A7-A1F3-6DADA57301AE",
"versionEndExcluding": "4.2\\(7l\\)",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC568558-0F41-4B14-81D5-AB7CD330E57C",
"versionEndExcluding": "5.2\\(2f\\)",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD196DC-2522-46EA-BD15-5B6F7528B073",
"versionEndExcluding": "3.2\\(10f\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1334B099-27F9-4597-8C6E-0FF88F654A03",
"versionEndExcluding": "4.2\\(7l\\)",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2B3DBF-1A05-4D11-AC0C-F709A6BA6620",
"versionEndExcluding": "5.2\\(2f\\)",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en un endpoint de la API de Cisco Application Policy Infrastructure Controller (APIC) y Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) podr\u00eda permitir a un atacante remoto autenticado con credenciales de s\u00f3lo lectura de Administrador elevar los privilegios en un sistema afectado. Esta vulnerabilidad es debido a un control de acceso insuficiente basado en roles (RBAC). Un atacante con credenciales de Administrador de s\u00f3lo lectura podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n de API espec\u00edfica usando una aplicaci\u00f3n con credenciales de escritura de administrador. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante elevar los privilegios a Administrador con privilegios de escritura en el dispositivo afectado."
}
],
"id": "CVE-2021-1579",
"lastModified": "2024-11-21T05:44:39.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-25T20:15:10.303",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-1581
Vulnerability from fkie_nvd - Published: 2021-08-25 20:15 - Updated: 2024-11-21 05:44
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E54A7EC-C94D-450D-913C-DECBCBE3E840",
"versionEndExcluding": "3.2\\(10f\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1907FF-8F31-42A7-A1F3-6DADA57301AE",
"versionEndExcluding": "4.2\\(7l\\)",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DCD9A2-70EF-47EB-878C-02C6242300AB",
"versionEndExcluding": "5.2\\(1g\\)",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD196DC-2522-46EA-BD15-5B6F7528B073",
"versionEndExcluding": "3.2\\(10f\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1334B099-27F9-4597-8C6E-0FF88F654A03",
"versionEndExcluding": "4.2\\(7l\\)",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D99FAEA2-7A3A-4AE2-B78A-934C7EC4E774",
"versionEndExcluding": "5.2\\(1g\\)",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la interfaz de usuario web y los endpoints de la API de Cisco Application Policy Infrastructure Controller (APIC) o Cisco Cloud APIC podr\u00edan permitir a un atacante remoto llevar a cabo un ataque de inyecci\u00f3n de comandos o de carga de archivos en un sistema afectado. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso."
}
],
"id": "CVE-2021-1581",
"lastModified": "2024-11-21T05:44:40.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-25T20:15:10.640",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-1577
Vulnerability from fkie_nvd - Published: 2021-08-25 20:15 - Updated: 2024-11-21 05:44
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker could exploit this vulnerability by using a specific API endpoint to upload a file to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on an affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBD10720-FB92-47CF-9F2B-90D09945DE86",
"versionEndExcluding": "3.2\\(10e\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9513E4-EC22-40D0-9339-49926BEB9947",
"versionEndExcluding": "4.2\\(6h\\)",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DEF7843-7BCB-47A7-AD56-A102AC67BD47",
"versionEndExcluding": "5.1\\(3e\\)",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09451843-4634-4B4F-B005-7CB1747B244D",
"versionEndExcluding": "3.2\\(10e\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAA718C7-5A6D-406A-9AC7-E339BB652F0C",
"versionEndExcluding": "4.2\\(6h\\)",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCB6614-D3C4-46A9-88D5-00D28E74485D",
"versionEndExcluding": "5.1\\(3e\\)",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker could exploit this vulnerability by using a specific API endpoint to upload a file to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on an affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en un endpoint de la API de Cisco Application Policy Infrastructure Controller (APIC) y Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) podr\u00eda permitir a un atacante remoto no autenticado leer o escribir archivos arbitrarios en un sistema afectado. Esta vulnerabilidad es debido a un control de acceso inapropiado. Un atacante podr\u00eda explotar esta vulnerabilidad al usar un endpoint espec\u00edfico de la API para cargar un archivo en un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante leer o escribir archivos arbitrarios en un dispositivo afectado."
}
],
"id": "CVE-2021-1577",
"lastModified": "2024-11-21T05:44:39.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-25T20:15:09.883",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-frw-Nt3RYxR2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-frw-Nt3RYxR2"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-20119 (GCVE-0-2025-20119)
Vulnerability from cvelistv5 – Published: 2025-02-26 16:23 – Updated: 2025-03-03 19:02
VLAI?
Summary
A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to a race condition with handling system files. An attacker could exploit this vulnerability by doing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could lead to the device being in an inconsistent state and cause a DoS condition.
Severity ?
6 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
3.2(8d)
Affected: 3.2(1m) Affected: 3.2(5e) Affected: 4.1(2m) Affected: 3.2(41d) Affected: 3.2(3s) Affected: 4.0(3c) Affected: 4.1(1k) Affected: 3.2(4d) Affected: 4.2(2e) Affected: 4.2(3j) Affected: 4.2(3n) Affected: 4.0(1h) Affected: 4.1(1l) Affected: 3.2(9f) Affected: 4.2(3l) Affected: 4.2(2g) Affected: 3.2(7k) Affected: 3.2(9b) Affected: 3.2(3j) Affected: 4.1(2u) Affected: 4.2(1l) Affected: 4.1(1a) Affected: 4.0(3d) Affected: 3.2(4e) Affected: 4.1(1i) Affected: 3.2(5f) Affected: 3.2(1l) Affected: 4.2(1i) Affected: 4.1(2o) Affected: 4.2(1g) Affected: 4.1(2g) Affected: 4.2(2f) Affected: 3.2(6i) Affected: 3.2(3i) Affected: 3.2(3n) Affected: 4.1(2x) Affected: 3.2(5d) Affected: 4.2(3q) Affected: 4.1(1j) Affected: 4.1(2w) Affected: 3.2(2o) Affected: 3.2(3r) Affected: 4.0(2c) Affected: 4.1(2s) Affected: 3.2(7f) Affected: 3.2(3o) Affected: 3.2(2l) Affected: 4.2(1j) Affected: 4.2(4i) Affected: 3.2(9h) Affected: 5.0(1k) Affected: 4.2(4k) Affected: 5.0(1l) Affected: 5.0(2e) Affected: 4.2(4o) Affected: 4.2(4p) Affected: 5.0(2h) Affected: 4.2(5k) Affected: 4.2(5l) Affected: 4.2(5n) Affected: 5.1(1h) Affected: 4.2(6d) Affected: 5.1(2e) Affected: 4.2(6g) Affected: 4.2(6h) Affected: 5.1(3e) Affected: 3.2(10e) Affected: 4.2(6l) Affected: 4.2(7f) Affected: 5.1(4c) Affected: 4.2(6o) Affected: 5.2(1g) Affected: 5.2(2e) Affected: 4.2(7l) Affected: 3.2(10f) Affected: 5.2(2f) Affected: 5.2(2g) Affected: 4.2(7q) Affected: 5.2(2h) Affected: 5.2(3f) Affected: 5.2(3e) Affected: 5.2(3g) Affected: 4.2(7r) Affected: 4.2(7s) Affected: 5.2(4d) Affected: 5.2(4e) Affected: 4.2(7t) Affected: 5.2(5d) Affected: 3.2(10g) Affected: 5.2(5c) Affected: 6.0(1g) Affected: 4.2(7u) Affected: 5.2(5e) Affected: 5.2(4f) Affected: 5.2(6e) Affected: 6.0(1j) Affected: 5.2(6g) Affected: 5.2(7f) Affected: 4.2(7v) Affected: 5.2(7g) Affected: 6.0(2h) Affected: 4.2(7w) Affected: 5.2(6h) Affected: 5.2(4h) Affected: 5.2(8d) Affected: 6.0(2j) Affected: 5.2(8e) Affected: 6.0(3d) Affected: 6.0(3e) Affected: 5.2(8f) Affected: 5.2(8g) Affected: 5.3(1d) Affected: 5.2(8h) Affected: 6.0(4c) Affected: 5.3(2a) Affected: 5.2(8i) Affected: 6.0(5h) Affected: 5.3(2b) Affected: 6.0(3g) Affected: 6.0(5j) Affected: 5.3(2c) Affected: 6.0(6c) Affected: 6.1(1f) Affected: 6.0(7e) Affected: 5.3(2d) Affected: 6.0(8d) Affected: 5.3(2e) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T17:21:01.401418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T19:02:59.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2(8d)"
},
{
"status": "affected",
"version": "3.2(1m)"
},
{
"status": "affected",
"version": "3.2(5e)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "3.2(41d)"
},
{
"status": "affected",
"version": "3.2(3s)"
},
{
"status": "affected",
"version": "4.0(3c)"
},
{
"status": "affected",
"version": "4.1(1k)"
},
{
"status": "affected",
"version": "3.2(4d)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.1(1l)"
},
{
"status": "affected",
"version": "3.2(9f)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "3.2(7k)"
},
{
"status": "affected",
"version": "3.2(9b)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.1(2u)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.0(3d)"
},
{
"status": "affected",
"version": "3.2(4e)"
},
{
"status": "affected",
"version": "4.1(1i)"
},
{
"status": "affected",
"version": "3.2(5f)"
},
{
"status": "affected",
"version": "3.2(1l)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(2o)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "3.2(6i)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(2x)"
},
{
"status": "affected",
"version": "3.2(5d)"
},
{
"status": "affected",
"version": "4.2(3q)"
},
{
"status": "affected",
"version": "4.1(1j)"
},
{
"status": "affected",
"version": "4.1(2w)"
},
{
"status": "affected",
"version": "3.2(2o)"
},
{
"status": "affected",
"version": "3.2(3r)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.1(2s)"
},
{
"status": "affected",
"version": "3.2(7f)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "3.2(2l)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(4i)"
},
{
"status": "affected",
"version": "3.2(9h)"
},
{
"status": "affected",
"version": "5.0(1k)"
},
{
"status": "affected",
"version": "4.2(4k)"
},
{
"status": "affected",
"version": "5.0(1l)"
},
{
"status": "affected",
"version": "5.0(2e)"
},
{
"status": "affected",
"version": "4.2(4o)"
},
{
"status": "affected",
"version": "4.2(4p)"
},
{
"status": "affected",
"version": "5.0(2h)"
},
{
"status": "affected",
"version": "4.2(5k)"
},
{
"status": "affected",
"version": "4.2(5l)"
},
{
"status": "affected",
"version": "4.2(5n)"
},
{
"status": "affected",
"version": "5.1(1h)"
},
{
"status": "affected",
"version": "4.2(6d)"
},
{
"status": "affected",
"version": "5.1(2e)"
},
{
"status": "affected",
"version": "4.2(6g)"
},
{
"status": "affected",
"version": "4.2(6h)"
},
{
"status": "affected",
"version": "5.1(3e)"
},
{
"status": "affected",
"version": "3.2(10e)"
},
{
"status": "affected",
"version": "4.2(6l)"
},
{
"status": "affected",
"version": "4.2(7f)"
},
{
"status": "affected",
"version": "5.1(4c)"
},
{
"status": "affected",
"version": "4.2(6o)"
},
{
"status": "affected",
"version": "5.2(1g)"
},
{
"status": "affected",
"version": "5.2(2e)"
},
{
"status": "affected",
"version": "4.2(7l)"
},
{
"status": "affected",
"version": "3.2(10f)"
},
{
"status": "affected",
"version": "5.2(2f)"
},
{
"status": "affected",
"version": "5.2(2g)"
},
{
"status": "affected",
"version": "4.2(7q)"
},
{
"status": "affected",
"version": "5.2(2h)"
},
{
"status": "affected",
"version": "5.2(3f)"
},
{
"status": "affected",
"version": "5.2(3e)"
},
{
"status": "affected",
"version": "5.2(3g)"
},
{
"status": "affected",
"version": "4.2(7r)"
},
{
"status": "affected",
"version": "4.2(7s)"
},
{
"status": "affected",
"version": "5.2(4d)"
},
{
"status": "affected",
"version": "5.2(4e)"
},
{
"status": "affected",
"version": "4.2(7t)"
},
{
"status": "affected",
"version": "5.2(5d)"
},
{
"status": "affected",
"version": "3.2(10g)"
},
{
"status": "affected",
"version": "5.2(5c)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "4.2(7u)"
},
{
"status": "affected",
"version": "5.2(5e)"
},
{
"status": "affected",
"version": "5.2(4f)"
},
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "4.2(7v)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "4.2(7w)"
},
{
"status": "affected",
"version": "5.2(6h)"
},
{
"status": "affected",
"version": "5.2(4h)"
},
{
"status": "affected",
"version": "5.2(8d)"
},
{
"status": "affected",
"version": "6.0(2j)"
},
{
"status": "affected",
"version": "5.2(8e)"
},
{
"status": "affected",
"version": "6.0(3d)"
},
{
"status": "affected",
"version": "6.0(3e)"
},
{
"status": "affected",
"version": "5.2(8f)"
},
{
"status": "affected",
"version": "5.2(8g)"
},
{
"status": "affected",
"version": "5.3(1d)"
},
{
"status": "affected",
"version": "5.2(8h)"
},
{
"status": "affected",
"version": "6.0(4c)"
},
{
"status": "affected",
"version": "5.3(2a)"
},
{
"status": "affected",
"version": "5.2(8i)"
},
{
"status": "affected",
"version": "6.0(5h)"
},
{
"status": "affected",
"version": "5.3(2b)"
},
{
"status": "affected",
"version": "6.0(3g)"
},
{
"status": "affected",
"version": "6.0(5j)"
},
{
"status": "affected",
"version": "5.3(2c)"
},
{
"status": "affected",
"version": "6.0(6c)"
},
{
"status": "affected",
"version": "6.1(1f)"
},
{
"status": "affected",
"version": "6.0(7e)"
},
{
"status": "affected",
"version": "5.3(2d)"
},
{
"status": "affected",
"version": "6.0(8d)"
},
{
"status": "affected",
"version": "5.3(2e)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to a race condition with handling system files. An attacker could exploit this vulnerability by doing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could lead to the device being in an inconsistent state and cause a DoS condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T17:13:44.068Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-apic-multi-vulns-9ummtg5",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5"
}
],
"source": {
"advisory": "cisco-sa-apic-multi-vulns-9ummtg5",
"defects": [
"CSCwk18865"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller Authenticated Local Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20119",
"datePublished": "2025-02-26T16:23:37.170Z",
"dateReserved": "2024-10-10T19:15:13.211Z",
"dateUpdated": "2025-03-03T19:02:59.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20118 (GCVE-0-2025-20118)
Vulnerability from cvelistv5 – Published: 2025-02-26 16:23 – Updated: 2025-03-03 19:03
VLAI?
Summary
A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks.
Severity ?
4.4 (Medium)
CWE
- CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
3.2(8d)
Affected: 3.2(1m) Affected: 3.2(5e) Affected: 4.1(2m) Affected: 3.2(41d) Affected: 3.2(3s) Affected: 4.0(3c) Affected: 4.1(1k) Affected: 3.2(4d) Affected: 4.2(2e) Affected: 4.2(3j) Affected: 4.2(3n) Affected: 4.0(1h) Affected: 4.1(1l) Affected: 3.2(9f) Affected: 4.2(3l) Affected: 4.2(2g) Affected: 3.2(7k) Affected: 3.2(9b) Affected: 3.2(3j) Affected: 4.1(2u) Affected: 4.2(1l) Affected: 4.1(1a) Affected: 4.0(3d) Affected: 3.2(4e) Affected: 4.1(1i) Affected: 3.2(5f) Affected: 3.2(1l) Affected: 4.2(1i) Affected: 4.1(2o) Affected: 4.2(1g) Affected: 4.1(2g) Affected: 4.2(2f) Affected: 3.2(6i) Affected: 3.2(3i) Affected: 3.2(3n) Affected: 4.1(2x) Affected: 3.2(5d) Affected: 4.2(3q) Affected: 4.1(1j) Affected: 4.1(2w) Affected: 3.2(2o) Affected: 3.2(3r) Affected: 4.0(2c) Affected: 4.1(2s) Affected: 3.2(7f) Affected: 3.2(3o) Affected: 3.2(2l) Affected: 4.2(1j) Affected: 4.2(4i) Affected: 3.2(9h) Affected: 5.0(1k) Affected: 4.2(4k) Affected: 5.0(1l) Affected: 5.0(2e) Affected: 4.2(4o) Affected: 4.2(4p) Affected: 5.0(2h) Affected: 4.2(5k) Affected: 4.2(5l) Affected: 4.2(5n) Affected: 5.1(1h) Affected: 4.2(6d) Affected: 5.1(2e) Affected: 4.2(6g) Affected: 4.2(6h) Affected: 5.1(3e) Affected: 3.2(10e) Affected: 4.2(6l) Affected: 4.2(7f) Affected: 5.1(4c) Affected: 4.2(6o) Affected: 5.2(1g) Affected: 5.2(2e) Affected: 4.2(7l) Affected: 3.2(10f) Affected: 5.2(2f) Affected: 5.2(2g) Affected: 4.2(7q) Affected: 5.2(2h) Affected: 5.2(3f) Affected: 5.2(3e) Affected: 5.2(3g) Affected: 4.2(7r) Affected: 4.2(7s) Affected: 5.2(4d) Affected: 5.2(4e) Affected: 4.2(7t) Affected: 5.2(5d) Affected: 3.2(10g) Affected: 5.2(5c) Affected: 6.0(1g) Affected: 4.2(7u) Affected: 5.2(5e) Affected: 5.2(4f) Affected: 5.2(6e) Affected: 6.0(1j) Affected: 5.2(6g) Affected: 5.2(7f) Affected: 4.2(7v) Affected: 5.2(7g) Affected: 6.0(2h) Affected: 4.2(7w) Affected: 5.2(6h) Affected: 5.2(4h) Affected: 5.2(8d) Affected: 6.0(2j) Affected: 5.2(8e) Affected: 6.0(3d) Affected: 6.0(3e) Affected: 5.2(8f) Affected: 5.2(8g) Affected: 5.3(1d) Affected: 5.2(8h) Affected: 6.0(4c) Affected: 5.3(2a) Affected: 5.2(8i) Affected: 6.0(5h) Affected: 5.3(2b) Affected: 6.0(3g) Affected: 6.0(5j) Affected: 5.3(2c) Affected: 6.0(6c) Affected: 6.1(1f) Affected: 6.0(7e) Affected: 5.3(2d) Affected: 6.0(8d) Affected: 5.3(2e) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T17:51:08.139382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T19:03:28.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2(8d)"
},
{
"status": "affected",
"version": "3.2(1m)"
},
{
"status": "affected",
"version": "3.2(5e)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "3.2(41d)"
},
{
"status": "affected",
"version": "3.2(3s)"
},
{
"status": "affected",
"version": "4.0(3c)"
},
{
"status": "affected",
"version": "4.1(1k)"
},
{
"status": "affected",
"version": "3.2(4d)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.1(1l)"
},
{
"status": "affected",
"version": "3.2(9f)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "3.2(7k)"
},
{
"status": "affected",
"version": "3.2(9b)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.1(2u)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.0(3d)"
},
{
"status": "affected",
"version": "3.2(4e)"
},
{
"status": "affected",
"version": "4.1(1i)"
},
{
"status": "affected",
"version": "3.2(5f)"
},
{
"status": "affected",
"version": "3.2(1l)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(2o)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "3.2(6i)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(2x)"
},
{
"status": "affected",
"version": "3.2(5d)"
},
{
"status": "affected",
"version": "4.2(3q)"
},
{
"status": "affected",
"version": "4.1(1j)"
},
{
"status": "affected",
"version": "4.1(2w)"
},
{
"status": "affected",
"version": "3.2(2o)"
},
{
"status": "affected",
"version": "3.2(3r)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.1(2s)"
},
{
"status": "affected",
"version": "3.2(7f)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "3.2(2l)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(4i)"
},
{
"status": "affected",
"version": "3.2(9h)"
},
{
"status": "affected",
"version": "5.0(1k)"
},
{
"status": "affected",
"version": "4.2(4k)"
},
{
"status": "affected",
"version": "5.0(1l)"
},
{
"status": "affected",
"version": "5.0(2e)"
},
{
"status": "affected",
"version": "4.2(4o)"
},
{
"status": "affected",
"version": "4.2(4p)"
},
{
"status": "affected",
"version": "5.0(2h)"
},
{
"status": "affected",
"version": "4.2(5k)"
},
{
"status": "affected",
"version": "4.2(5l)"
},
{
"status": "affected",
"version": "4.2(5n)"
},
{
"status": "affected",
"version": "5.1(1h)"
},
{
"status": "affected",
"version": "4.2(6d)"
},
{
"status": "affected",
"version": "5.1(2e)"
},
{
"status": "affected",
"version": "4.2(6g)"
},
{
"status": "affected",
"version": "4.2(6h)"
},
{
"status": "affected",
"version": "5.1(3e)"
},
{
"status": "affected",
"version": "3.2(10e)"
},
{
"status": "affected",
"version": "4.2(6l)"
},
{
"status": "affected",
"version": "4.2(7f)"
},
{
"status": "affected",
"version": "5.1(4c)"
},
{
"status": "affected",
"version": "4.2(6o)"
},
{
"status": "affected",
"version": "5.2(1g)"
},
{
"status": "affected",
"version": "5.2(2e)"
},
{
"status": "affected",
"version": "4.2(7l)"
},
{
"status": "affected",
"version": "3.2(10f)"
},
{
"status": "affected",
"version": "5.2(2f)"
},
{
"status": "affected",
"version": "5.2(2g)"
},
{
"status": "affected",
"version": "4.2(7q)"
},
{
"status": "affected",
"version": "5.2(2h)"
},
{
"status": "affected",
"version": "5.2(3f)"
},
{
"status": "affected",
"version": "5.2(3e)"
},
{
"status": "affected",
"version": "5.2(3g)"
},
{
"status": "affected",
"version": "4.2(7r)"
},
{
"status": "affected",
"version": "4.2(7s)"
},
{
"status": "affected",
"version": "5.2(4d)"
},
{
"status": "affected",
"version": "5.2(4e)"
},
{
"status": "affected",
"version": "4.2(7t)"
},
{
"status": "affected",
"version": "5.2(5d)"
},
{
"status": "affected",
"version": "3.2(10g)"
},
{
"status": "affected",
"version": "5.2(5c)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "4.2(7u)"
},
{
"status": "affected",
"version": "5.2(5e)"
},
{
"status": "affected",
"version": "5.2(4f)"
},
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "4.2(7v)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "4.2(7w)"
},
{
"status": "affected",
"version": "5.2(6h)"
},
{
"status": "affected",
"version": "5.2(4h)"
},
{
"status": "affected",
"version": "5.2(8d)"
},
{
"status": "affected",
"version": "6.0(2j)"
},
{
"status": "affected",
"version": "5.2(8e)"
},
{
"status": "affected",
"version": "6.0(3d)"
},
{
"status": "affected",
"version": "6.0(3e)"
},
{
"status": "affected",
"version": "5.2(8f)"
},
{
"status": "affected",
"version": "5.2(8g)"
},
{
"status": "affected",
"version": "5.3(1d)"
},
{
"status": "affected",
"version": "5.2(8h)"
},
{
"status": "affected",
"version": "6.0(4c)"
},
{
"status": "affected",
"version": "5.3(2a)"
},
{
"status": "affected",
"version": "5.2(8i)"
},
{
"status": "affected",
"version": "6.0(5h)"
},
{
"status": "affected",
"version": "5.3(2b)"
},
{
"status": "affected",
"version": "6.0(3g)"
},
{
"status": "affected",
"version": "6.0(5j)"
},
{
"status": "affected",
"version": "5.3(2c)"
},
{
"status": "affected",
"version": "6.0(6c)"
},
{
"status": "affected",
"version": "6.1(1f)"
},
{
"status": "affected",
"version": "6.0(7e)"
},
{
"status": "affected",
"version": "5.3(2d)"
},
{
"status": "affected",
"version": "6.0(8d)"
},
{
"status": "affected",
"version": "5.3(2e)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T17:13:05.215Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-apic-multi-vulns-9ummtg5",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5"
}
],
"source": {
"advisory": "cisco-sa-apic-multi-vulns-9ummtg5",
"defects": [
"CSCwk18864"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller Authenticated Command Injection Due to Sensitive Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20118",
"datePublished": "2025-02-26T16:23:28.132Z",
"dateReserved": "2024-10-10T19:15:13.211Z",
"dateUpdated": "2025-03-03T19:03:28.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20117 (GCVE-0-2025-20117)
Vulnerability from cvelistv5 – Published: 2025-02-26 16:11 – Updated: 2025-02-27 15:16
VLAI?
Summary
A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.
Severity ?
5.1 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
3.2(8d)
Affected: 3.2(1m) Affected: 3.2(5e) Affected: 4.1(2m) Affected: 3.2(41d) Affected: 3.2(3s) Affected: 4.0(3c) Affected: 4.1(1k) Affected: 3.2(4d) Affected: 4.2(2e) Affected: 4.2(3j) Affected: 4.2(3n) Affected: 4.0(1h) Affected: 4.1(1l) Affected: 3.2(9f) Affected: 4.2(3l) Affected: 4.2(2g) Affected: 3.2(7k) Affected: 3.2(9b) Affected: 3.2(3j) Affected: 4.1(2u) Affected: 4.2(1l) Affected: 4.1(1a) Affected: 4.0(3d) Affected: 3.2(4e) Affected: 4.1(1i) Affected: 3.2(5f) Affected: 3.2(1l) Affected: 4.2(1i) Affected: 4.1(2o) Affected: 4.2(1g) Affected: 4.1(2g) Affected: 4.2(2f) Affected: 3.2(6i) Affected: 3.2(3i) Affected: 3.2(3n) Affected: 4.1(2x) Affected: 3.2(5d) Affected: 4.2(3q) Affected: 4.1(1j) Affected: 4.1(2w) Affected: 3.2(2o) Affected: 3.2(3r) Affected: 4.0(2c) Affected: 4.1(2s) Affected: 3.2(7f) Affected: 3.2(3o) Affected: 3.2(2l) Affected: 4.2(1j) Affected: 4.2(4i) Affected: 3.2(9h) Affected: 5.0(1k) Affected: 4.2(4k) Affected: 5.0(1l) Affected: 5.0(2e) Affected: 4.2(4o) Affected: 4.2(4p) Affected: 5.0(2h) Affected: 4.2(5k) Affected: 4.2(5l) Affected: 4.2(5n) Affected: 5.1(1h) Affected: 4.2(6d) Affected: 5.1(2e) Affected: 4.2(6g) Affected: 4.2(6h) Affected: 5.1(3e) Affected: 3.2(10e) Affected: 4.2(6l) Affected: 4.2(7f) Affected: 5.1(4c) Affected: 4.2(6o) Affected: 5.2(1g) Affected: 5.2(2e) Affected: 4.2(7l) Affected: 3.2(10f) Affected: 5.2(2f) Affected: 5.2(2g) Affected: 4.2(7q) Affected: 5.2(2h) Affected: 5.2(3f) Affected: 5.2(3e) Affected: 5.2(3g) Affected: 4.2(7r) Affected: 4.2(7s) Affected: 5.2(4d) Affected: 5.2(4e) Affected: 4.2(7t) Affected: 5.2(5d) Affected: 3.2(10g) Affected: 5.2(5c) Affected: 6.0(1g) Affected: 4.2(7u) Affected: 5.2(5e) Affected: 5.2(4f) Affected: 5.2(6e) Affected: 6.0(1j) Affected: 5.2(6g) Affected: 5.2(7f) Affected: 4.2(7v) Affected: 5.2(7g) Affected: 6.0(2h) Affected: 4.2(7w) Affected: 5.2(6h) Affected: 5.2(4h) Affected: 5.2(8d) Affected: 6.0(2j) Affected: 5.2(8e) Affected: 6.0(3d) Affected: 6.0(3e) Affected: 5.2(8f) Affected: 5.2(8g) Affected: 5.3(1d) Affected: 5.2(8h) Affected: 6.0(4c) Affected: 5.3(2a) Affected: 5.2(8i) Affected: 6.0(5h) Affected: 5.3(2b) Affected: 6.0(3g) Affected: 6.0(5j) Affected: 5.3(2c) Affected: 6.0(6c) Affected: 6.1(1f) Affected: 6.0(7e) Affected: 5.3(2d) Affected: 6.0(8d) Affected: 5.3(2e) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:47:44.354918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T15:16:53.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2(8d)"
},
{
"status": "affected",
"version": "3.2(1m)"
},
{
"status": "affected",
"version": "3.2(5e)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "3.2(41d)"
},
{
"status": "affected",
"version": "3.2(3s)"
},
{
"status": "affected",
"version": "4.0(3c)"
},
{
"status": "affected",
"version": "4.1(1k)"
},
{
"status": "affected",
"version": "3.2(4d)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.1(1l)"
},
{
"status": "affected",
"version": "3.2(9f)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "3.2(7k)"
},
{
"status": "affected",
"version": "3.2(9b)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.1(2u)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.0(3d)"
},
{
"status": "affected",
"version": "3.2(4e)"
},
{
"status": "affected",
"version": "4.1(1i)"
},
{
"status": "affected",
"version": "3.2(5f)"
},
{
"status": "affected",
"version": "3.2(1l)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(2o)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "3.2(6i)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(2x)"
},
{
"status": "affected",
"version": "3.2(5d)"
},
{
"status": "affected",
"version": "4.2(3q)"
},
{
"status": "affected",
"version": "4.1(1j)"
},
{
"status": "affected",
"version": "4.1(2w)"
},
{
"status": "affected",
"version": "3.2(2o)"
},
{
"status": "affected",
"version": "3.2(3r)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.1(2s)"
},
{
"status": "affected",
"version": "3.2(7f)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "3.2(2l)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(4i)"
},
{
"status": "affected",
"version": "3.2(9h)"
},
{
"status": "affected",
"version": "5.0(1k)"
},
{
"status": "affected",
"version": "4.2(4k)"
},
{
"status": "affected",
"version": "5.0(1l)"
},
{
"status": "affected",
"version": "5.0(2e)"
},
{
"status": "affected",
"version": "4.2(4o)"
},
{
"status": "affected",
"version": "4.2(4p)"
},
{
"status": "affected",
"version": "5.0(2h)"
},
{
"status": "affected",
"version": "4.2(5k)"
},
{
"status": "affected",
"version": "4.2(5l)"
},
{
"status": "affected",
"version": "4.2(5n)"
},
{
"status": "affected",
"version": "5.1(1h)"
},
{
"status": "affected",
"version": "4.2(6d)"
},
{
"status": "affected",
"version": "5.1(2e)"
},
{
"status": "affected",
"version": "4.2(6g)"
},
{
"status": "affected",
"version": "4.2(6h)"
},
{
"status": "affected",
"version": "5.1(3e)"
},
{
"status": "affected",
"version": "3.2(10e)"
},
{
"status": "affected",
"version": "4.2(6l)"
},
{
"status": "affected",
"version": "4.2(7f)"
},
{
"status": "affected",
"version": "5.1(4c)"
},
{
"status": "affected",
"version": "4.2(6o)"
},
{
"status": "affected",
"version": "5.2(1g)"
},
{
"status": "affected",
"version": "5.2(2e)"
},
{
"status": "affected",
"version": "4.2(7l)"
},
{
"status": "affected",
"version": "3.2(10f)"
},
{
"status": "affected",
"version": "5.2(2f)"
},
{
"status": "affected",
"version": "5.2(2g)"
},
{
"status": "affected",
"version": "4.2(7q)"
},
{
"status": "affected",
"version": "5.2(2h)"
},
{
"status": "affected",
"version": "5.2(3f)"
},
{
"status": "affected",
"version": "5.2(3e)"
},
{
"status": "affected",
"version": "5.2(3g)"
},
{
"status": "affected",
"version": "4.2(7r)"
},
{
"status": "affected",
"version": "4.2(7s)"
},
{
"status": "affected",
"version": "5.2(4d)"
},
{
"status": "affected",
"version": "5.2(4e)"
},
{
"status": "affected",
"version": "4.2(7t)"
},
{
"status": "affected",
"version": "5.2(5d)"
},
{
"status": "affected",
"version": "3.2(10g)"
},
{
"status": "affected",
"version": "5.2(5c)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "4.2(7u)"
},
{
"status": "affected",
"version": "5.2(5e)"
},
{
"status": "affected",
"version": "5.2(4f)"
},
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "4.2(7v)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "4.2(7w)"
},
{
"status": "affected",
"version": "5.2(6h)"
},
{
"status": "affected",
"version": "5.2(4h)"
},
{
"status": "affected",
"version": "5.2(8d)"
},
{
"status": "affected",
"version": "6.0(2j)"
},
{
"status": "affected",
"version": "5.2(8e)"
},
{
"status": "affected",
"version": "6.0(3d)"
},
{
"status": "affected",
"version": "6.0(3e)"
},
{
"status": "affected",
"version": "5.2(8f)"
},
{
"status": "affected",
"version": "5.2(8g)"
},
{
"status": "affected",
"version": "5.3(1d)"
},
{
"status": "affected",
"version": "5.2(8h)"
},
{
"status": "affected",
"version": "6.0(4c)"
},
{
"status": "affected",
"version": "5.3(2a)"
},
{
"status": "affected",
"version": "5.2(8i)"
},
{
"status": "affected",
"version": "6.0(5h)"
},
{
"status": "affected",
"version": "5.3(2b)"
},
{
"status": "affected",
"version": "6.0(3g)"
},
{
"status": "affected",
"version": "6.0(5j)"
},
{
"status": "affected",
"version": "5.3(2c)"
},
{
"status": "affected",
"version": "6.0(6c)"
},
{
"status": "affected",
"version": "6.1(1f)"
},
{
"status": "affected",
"version": "6.0(7e)"
},
{
"status": "affected",
"version": "5.3(2d)"
},
{
"status": "affected",
"version": "6.0(8d)"
},
{
"status": "affected",
"version": "5.3(2e)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root\u0026nbsp;on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:11:26.187Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-apic-multi-vulns-9ummtg5",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5"
}
],
"source": {
"advisory": "cisco-sa-apic-multi-vulns-9ummtg5",
"defects": [
"CSCwk18862"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller Authenticated Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20117",
"datePublished": "2025-02-26T16:11:26.187Z",
"dateReserved": "2024-10-10T19:15:13.210Z",
"dateUpdated": "2025-02-27T15:16:53.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20116 (GCVE-0-2025-20116)
Vulnerability from cvelistv5 – Published: 2025-02-26 16:11 – Updated: 2025-02-27 15:10
VLAI?
Summary
A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
3.2(8d)
Affected: 3.2(1m) Affected: 3.2(5e) Affected: 4.1(2m) Affected: 3.2(41d) Affected: 3.2(3s) Affected: 4.0(3c) Affected: 4.1(1k) Affected: 3.2(4d) Affected: 4.2(2e) Affected: 4.2(3j) Affected: 4.2(3n) Affected: 4.0(1h) Affected: 4.1(1l) Affected: 3.2(9f) Affected: 4.2(3l) Affected: 4.2(2g) Affected: 3.2(7k) Affected: 3.2(9b) Affected: 3.2(3j) Affected: 4.1(2u) Affected: 4.2(1l) Affected: 4.1(1a) Affected: 4.0(3d) Affected: 3.2(4e) Affected: 4.1(1i) Affected: 3.2(5f) Affected: 3.2(1l) Affected: 4.2(1i) Affected: 4.1(2o) Affected: 4.2(1g) Affected: 4.1(2g) Affected: 4.2(2f) Affected: 3.2(6i) Affected: 3.2(3i) Affected: 3.2(3n) Affected: 4.1(2x) Affected: 3.2(5d) Affected: 4.2(3q) Affected: 4.1(1j) Affected: 4.1(2w) Affected: 3.2(2o) Affected: 3.2(3r) Affected: 4.0(2c) Affected: 4.1(2s) Affected: 3.2(7f) Affected: 3.2(3o) Affected: 3.2(2l) Affected: 4.2(1j) Affected: 4.2(4i) Affected: 3.2(9h) Affected: 5.0(1k) Affected: 4.2(4k) Affected: 5.0(1l) Affected: 5.0(2e) Affected: 4.2(4o) Affected: 4.2(4p) Affected: 5.0(2h) Affected: 4.2(5k) Affected: 4.2(5l) Affected: 4.2(5n) Affected: 5.1(1h) Affected: 4.2(6d) Affected: 5.1(2e) Affected: 4.2(6g) Affected: 4.2(6h) Affected: 5.1(3e) Affected: 3.2(10e) Affected: 4.2(6l) Affected: 4.2(7f) Affected: 5.1(4c) Affected: 4.2(6o) Affected: 5.2(1g) Affected: 5.2(2e) Affected: 4.2(7l) Affected: 3.2(10f) Affected: 5.2(2f) Affected: 5.2(2g) Affected: 4.2(7q) Affected: 5.2(2h) Affected: 5.2(3f) Affected: 5.2(3e) Affected: 5.2(3g) Affected: 4.2(7r) Affected: 4.2(7s) Affected: 5.2(4d) Affected: 5.2(4e) Affected: 4.2(7t) Affected: 5.2(5d) Affected: 3.2(10g) Affected: 5.2(5c) Affected: 6.0(1g) Affected: 4.2(7u) Affected: 5.2(5e) Affected: 5.2(4f) Affected: 5.2(6e) Affected: 6.0(1j) Affected: 5.2(6g) Affected: 5.2(7f) Affected: 4.2(7v) Affected: 5.2(7g) Affected: 6.0(2h) Affected: 4.2(7w) Affected: 5.2(6h) Affected: 5.2(4h) Affected: 5.2(8d) Affected: 6.0(2j) Affected: 5.2(8e) Affected: 6.0(3d) Affected: 6.0(3e) Affected: 5.2(8f) Affected: 5.2(8g) Affected: 5.3(1d) Affected: 5.2(8h) Affected: 6.0(4c) Affected: 5.3(2a) Affected: 5.2(8i) Affected: 6.0(5h) Affected: 5.3(2b) Affected: 6.0(3g) Affected: 6.0(5j) Affected: 5.3(2c) Affected: 6.0(6c) Affected: 6.1(1f) Affected: 6.0(7e) Affected: 5.3(2d) Affected: 6.0(8d) Affected: 5.3(2e) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:49:28.397648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T15:10:56.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2(8d)"
},
{
"status": "affected",
"version": "3.2(1m)"
},
{
"status": "affected",
"version": "3.2(5e)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "3.2(41d)"
},
{
"status": "affected",
"version": "3.2(3s)"
},
{
"status": "affected",
"version": "4.0(3c)"
},
{
"status": "affected",
"version": "4.1(1k)"
},
{
"status": "affected",
"version": "3.2(4d)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.1(1l)"
},
{
"status": "affected",
"version": "3.2(9f)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "3.2(7k)"
},
{
"status": "affected",
"version": "3.2(9b)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.1(2u)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.0(3d)"
},
{
"status": "affected",
"version": "3.2(4e)"
},
{
"status": "affected",
"version": "4.1(1i)"
},
{
"status": "affected",
"version": "3.2(5f)"
},
{
"status": "affected",
"version": "3.2(1l)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(2o)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "3.2(6i)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(2x)"
},
{
"status": "affected",
"version": "3.2(5d)"
},
{
"status": "affected",
"version": "4.2(3q)"
},
{
"status": "affected",
"version": "4.1(1j)"
},
{
"status": "affected",
"version": "4.1(2w)"
},
{
"status": "affected",
"version": "3.2(2o)"
},
{
"status": "affected",
"version": "3.2(3r)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.1(2s)"
},
{
"status": "affected",
"version": "3.2(7f)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "3.2(2l)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(4i)"
},
{
"status": "affected",
"version": "3.2(9h)"
},
{
"status": "affected",
"version": "5.0(1k)"
},
{
"status": "affected",
"version": "4.2(4k)"
},
{
"status": "affected",
"version": "5.0(1l)"
},
{
"status": "affected",
"version": "5.0(2e)"
},
{
"status": "affected",
"version": "4.2(4o)"
},
{
"status": "affected",
"version": "4.2(4p)"
},
{
"status": "affected",
"version": "5.0(2h)"
},
{
"status": "affected",
"version": "4.2(5k)"
},
{
"status": "affected",
"version": "4.2(5l)"
},
{
"status": "affected",
"version": "4.2(5n)"
},
{
"status": "affected",
"version": "5.1(1h)"
},
{
"status": "affected",
"version": "4.2(6d)"
},
{
"status": "affected",
"version": "5.1(2e)"
},
{
"status": "affected",
"version": "4.2(6g)"
},
{
"status": "affected",
"version": "4.2(6h)"
},
{
"status": "affected",
"version": "5.1(3e)"
},
{
"status": "affected",
"version": "3.2(10e)"
},
{
"status": "affected",
"version": "4.2(6l)"
},
{
"status": "affected",
"version": "4.2(7f)"
},
{
"status": "affected",
"version": "5.1(4c)"
},
{
"status": "affected",
"version": "4.2(6o)"
},
{
"status": "affected",
"version": "5.2(1g)"
},
{
"status": "affected",
"version": "5.2(2e)"
},
{
"status": "affected",
"version": "4.2(7l)"
},
{
"status": "affected",
"version": "3.2(10f)"
},
{
"status": "affected",
"version": "5.2(2f)"
},
{
"status": "affected",
"version": "5.2(2g)"
},
{
"status": "affected",
"version": "4.2(7q)"
},
{
"status": "affected",
"version": "5.2(2h)"
},
{
"status": "affected",
"version": "5.2(3f)"
},
{
"status": "affected",
"version": "5.2(3e)"
},
{
"status": "affected",
"version": "5.2(3g)"
},
{
"status": "affected",
"version": "4.2(7r)"
},
{
"status": "affected",
"version": "4.2(7s)"
},
{
"status": "affected",
"version": "5.2(4d)"
},
{
"status": "affected",
"version": "5.2(4e)"
},
{
"status": "affected",
"version": "4.2(7t)"
},
{
"status": "affected",
"version": "5.2(5d)"
},
{
"status": "affected",
"version": "3.2(10g)"
},
{
"status": "affected",
"version": "5.2(5c)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "4.2(7u)"
},
{
"status": "affected",
"version": "5.2(5e)"
},
{
"status": "affected",
"version": "5.2(4f)"
},
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "4.2(7v)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "4.2(7w)"
},
{
"status": "affected",
"version": "5.2(6h)"
},
{
"status": "affected",
"version": "5.2(4h)"
},
{
"status": "affected",
"version": "5.2(8d)"
},
{
"status": "affected",
"version": "6.0(2j)"
},
{
"status": "affected",
"version": "5.2(8e)"
},
{
"status": "affected",
"version": "6.0(3d)"
},
{
"status": "affected",
"version": "6.0(3e)"
},
{
"status": "affected",
"version": "5.2(8f)"
},
{
"status": "affected",
"version": "5.2(8g)"
},
{
"status": "affected",
"version": "5.3(1d)"
},
{
"status": "affected",
"version": "5.2(8h)"
},
{
"status": "affected",
"version": "6.0(4c)"
},
{
"status": "affected",
"version": "5.3(2a)"
},
{
"status": "affected",
"version": "5.2(8i)"
},
{
"status": "affected",
"version": "6.0(5h)"
},
{
"status": "affected",
"version": "5.3(2b)"
},
{
"status": "affected",
"version": "6.0(3g)"
},
{
"status": "affected",
"version": "6.0(5j)"
},
{
"status": "affected",
"version": "5.3(2c)"
},
{
"status": "affected",
"version": "6.0(6c)"
},
{
"status": "affected",
"version": "6.1(1f)"
},
{
"status": "affected",
"version": "6.0(7e)"
},
{
"status": "affected",
"version": "5.3(2d)"
},
{
"status": "affected",
"version": "6.0(8d)"
},
{
"status": "affected",
"version": "5.3(2e)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:11:17.385Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-apic-multi-vulns-9ummtg5",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5"
}
],
"source": {
"advisory": "cisco-sa-apic-multi-vulns-9ummtg5",
"defects": [
"CSCwk18863"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20116",
"datePublished": "2025-02-26T16:11:17.385Z",
"dateReserved": "2024-10-10T19:15:13.210Z",
"dateUpdated": "2025-02-27T15:10:56.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20478 (GCVE-0-2024-20478)
Vulnerability from cvelistv5 – Published: 2024-08-28 16:30 – Updated: 2024-09-06 14:11
VLAI?
Summary
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system.
This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root.
Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller.
Severity ?
6.5 (Medium)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
3.2(8d)
Affected: 2.2(1o) Affected: 1.2(2h) Affected: 2.2(2i) Affected: 1.2(1k) Affected: 2.2(1k) Affected: 3.1(2m) Affected: 3.2(1m) Affected: 3.2(5e) Affected: 4.1(2m) Affected: 3.2(41d) Affected: 1.1(1o) Affected: 1.2(1m) Affected: 1.2(2j) Affected: 2.2(4r) Affected: 2.2(3j) Affected: 1.1(3f) Affected: 2.2(2f) Affected: 1.1(4m) Affected: 2.2(2k) Affected: 2.1(1i) Affected: 2.0(1p) Affected: 3.1(2p) Affected: 3.2(3s) Affected: 4.0(3c) Affected: 1.1(4e) Affected: 4.1(1k) Affected: 2.2(4f) Affected: 2.1(3h) Affected: 3.2(4d) Affected: 2.0(1n) Affected: 2.0(1m) Affected: 2.0(1r) Affected: 2.1(2e) Affected: 4.2(2e) Affected: 4.2(3j) Affected: 4.2(3n) Affected: 2.0(1l) Affected: 2.2(2e) Affected: 2.2(3r) Affected: 3.0(2k) Affected: 2.1(3g) Affected: 4.0(1h) Affected: 2.0(1o) Affected: 2.2(3p) Affected: 1.2(3e) Affected: 2.2(3s) Affected: 2.0(2g) Affected: 4.1(1l) Affected: 3.2(9f) Affected: 4.2(3l) Affected: 4.2(2g) Affected: 1.2(3c) Affected: 3.2(7k) Affected: 1.3(2h) Affected: 3.2(9b) Affected: 1.3(2k) Affected: 3.1(2t) Affected: 1.1(2h) Affected: 3.2(3j) Affected: 2.1(2k) Affected: 2.3(1f) Affected: 1.2(3h) Affected: 3.0(1i) Affected: 4.1(2u) Affected: 4.2(1l) Affected: 4.1(1a) Affected: 4.0(3d) Affected: 1.1(4l) Affected: 2.3(1i) Affected: 3.1(2q) Affected: 3.2(4e) Affected: 4.1(1i) Affected: 3.1(1i) Affected: 2.0(2m) Affected: 3.0(2h) Affected: 2.2(2q) Affected: 2.3(1l) Affected: 1.3(1h) Affected: 3.0(2n) Affected: 3.2(5f) Affected: 1.2(1h) Affected: 3.2(1l) Affected: 4.2(1i) Affected: 4.1(2o) Affected: 1.2(1i) Affected: 1.3(1j) Affected: 2.1(1h) Affected: 2.0(2l) Affected: 2.0(2h) Affected: 1.2(2g) Affected: 3.0(1k) Affected: 4.2(1g) Affected: 2.1(2g) Affected: 2.0(1q) Affected: 1.1(1j) Affected: 4.1(2g) Affected: 1.1(1r) Affected: 4.2(2f) Affected: 3.2(6i) Affected: 1.3(1g) Affected: 1.3(2j) Affected: 1.3(2i) Affected: 2.0(2o) Affected: 2.2(4q) Affected: 2.3(1o) Affected: 3.2(3i) Affected: 2.2(2j) Affected: 1.1(1d) Affected: 2.0(2n) Affected: 2.2(3t) Affected: 3.2(3n) Affected: 1.1(4g) Affected: 4.1(2x) Affected: 3.2(5d) Affected: 3.1(2o) Affected: 1.2(2i) Affected: 2.1(2f) Affected: 1.3(2f) Affected: 4.2(3q) Affected: 4.1(1j) Affected: 2.0(2f) Affected: 2.3(1e) Affected: 1.1(1s) Affected: 3.1(2v) Affected: 4.1(2w) Affected: 1.1(4i) Affected: 3.1(2u) Affected: 1.1(4f) Affected: 3.0(2m) Affected: 2.0(1k) Affected: 3.2(2o) Affected: 3.2(3r) Affected: 1.1(2i) Affected: 4.0(2c) Affected: 1.3(1i) Affected: 4.1(2s) Affected: 3.2(7f) Affected: 1.2(3m) Affected: 3.2(3o) Affected: 3.1(2s) Affected: 3.2(2l) Affected: 4.2(1j) Affected: 2.3(1p) Affected: 2.1(4a) Affected: 1.1(1n) Affected: 2.2(1n) Affected: 2.2(4p) Affected: 2.1(3j) Affected: 4.2(4i) Affected: 3.2(9h) Affected: 5.0(1k) Affected: 4.2(4k) Affected: 5.0(1l) Affected: 5.0(2e) Affected: 4.2(4o) Affected: 4.2(4p) Affected: 5.0(2h) Affected: 4.2(5k) Affected: 4.2(5l) Affected: 4.2(5n) Affected: 5.1(1h) Affected: 4.2(6d) Affected: 5.1(2e) Affected: 4.2(6g) Affected: 4.2(6h) Affected: 5.1(3e) Affected: 3.2(10e) Affected: 4.2(6l) Affected: 4.2(7f) Affected: 5.1(4c) Affected: 4.2(6o) Affected: 5.2(1g) Affected: 5.2(2e) Affected: 4.2(7l) Affected: 3.2(10f) Affected: 5.2(2f) Affected: 5.2(2g) Affected: 4.2(7q) Affected: 5.2(2h) Affected: 5.2(3f) Affected: 5.2(3e) Affected: 5.2(3g) Affected: 4.2(7r) Affected: 4.2(7s) Affected: 5.2(4d) Affected: 5.2(4e) Affected: 4.2(7t) Affected: 5.2(5d) Affected: 3.2(10g) Affected: 5.2(5c) Affected: 6.0(1g) Affected: 4.2(7u) Affected: 5.2(5e) Affected: 5.2(4f) Affected: 5.2(6e) Affected: 6.0(1j) Affected: 5.2(6g) Affected: 5.2(7f) Affected: 4.2(7v) Affected: 5.2(7g) Affected: 6.0(2h) Affected: 4.2(7w) Affected: 5.2(6h) Affected: 5.2(4h) Affected: 5.2(8d) Affected: 6.0(2j) Affected: 5.2(8e) Affected: 6.0(3d) Affected: 6.0(3e) Affected: 5.2(8f) Affected: 5.2(8g) Affected: 5.3(1d) Affected: 5.2(8h) Affected: 6.0(4c) Affected: 5.3(2a) Affected: 5.2(8i) Affected: 6.0(5h) Affected: 5.3(2b) Affected: 6.0(3g) Affected: 6.0(5j) Affected: 5.3(2c) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(8d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(41d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4r\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(3f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1p\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2p\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3s\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3c\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1r\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3r\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(1h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3p\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3s\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3c\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9b\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2t\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2u\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1a\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2q\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2q\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(1h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(1k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1q\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1r\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(6i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4q\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3t\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2x\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3q\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1s\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2v\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2w\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2u\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3r\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(2i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(2c\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2s\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2s\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1p\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(4a\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4p\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4p\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(1h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(2e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(3e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(4c\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(1g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7q\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7r\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7s\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7t\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5c\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7u\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7v\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7w\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(1d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(4c\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2a\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2b\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2c\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "application_policy_infrastructure_controller",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "3.2\\(8d\\)"
},
{
"status": "affected",
"version": "2.2\\(1o\\)"
},
{
"status": "affected",
"version": "1.2\\(2h\\)"
},
{
"status": "affected",
"version": "2.2\\(2i\\)"
},
{
"status": "affected",
"version": "1.2\\(1k\\)"
},
{
"status": "affected",
"version": "2.2\\(1k\\)"
},
{
"status": "affected",
"version": "3.1\\(2m\\)"
},
{
"status": "affected",
"version": "3.2\\(1m\\)"
},
{
"status": "affected",
"version": "3.2\\(5e\\)"
},
{
"status": "affected",
"version": "4.1\\(2m\\)"
},
{
"status": "affected",
"version": "3.2\\(41d\\)"
},
{
"status": "affected",
"version": "1.1\\(1o\\)"
},
{
"status": "affected",
"version": "1.2\\(1m\\)"
},
{
"status": "affected",
"version": "1.2\\(2j\\)"
},
{
"status": "affected",
"version": "2.2\\(4r\\)"
},
{
"status": "affected",
"version": "2.2\\(3j\\)"
},
{
"status": "affected",
"version": "1.1\\(3f\\)"
},
{
"status": "affected",
"version": "2.2\\(2f\\)"
},
{
"status": "affected",
"version": "1.1\\(4m\\)"
},
{
"status": "affected",
"version": "2.2\\(2k\\)"
},
{
"status": "affected",
"version": "2.1\\(1i\\)"
},
{
"status": "affected",
"version": "2.0\\(1p\\)"
},
{
"status": "affected",
"version": "3.1\\(2p\\)"
},
{
"status": "affected",
"version": "3.2\\(3s\\)"
},
{
"status": "affected",
"version": "4.0\\(3c\\)"
},
{
"status": "affected",
"version": "1.1\\(4e\\)"
},
{
"status": "affected",
"version": "4.1\\(1k\\)"
},
{
"status": "affected",
"version": "2.2\\(4f\\)"
},
{
"status": "affected",
"version": "2.1\\(3h\\)"
},
{
"status": "affected",
"version": "3.2\\(4d\\)"
},
{
"status": "affected",
"version": "2.0\\(1n\\)"
},
{
"status": "affected",
"version": "2.0\\(1m\\)"
},
{
"status": "affected",
"version": "2.0\\(1r\\)"
},
{
"status": "affected",
"version": "2.1\\(2e\\)"
},
{
"status": "affected",
"version": "4.2\\(2e\\)"
},
{
"status": "affected",
"version": "4.2\\(3j\\)"
},
{
"status": "affected",
"version": "4.2\\(3n\\)"
},
{
"status": "affected",
"version": "2.0\\(1l\\)"
},
{
"status": "affected",
"version": "2.2\\(2e\\)"
},
{
"status": "affected",
"version": "2.2\\(3r\\)"
},
{
"status": "affected",
"version": "3.0\\(2k\\)"
},
{
"status": "affected",
"version": "2.1\\(3g\\)"
},
{
"status": "affected",
"version": "4.0\\(1h\\)"
},
{
"status": "affected",
"version": "2.0\\(1o\\)"
},
{
"status": "affected",
"version": "2.2\\(3p\\)"
},
{
"status": "affected",
"version": "1.2\\(3e\\)"
},
{
"status": "affected",
"version": "2.2\\(3s\\)"
},
{
"status": "affected",
"version": "2.0\\(2g\\)"
},
{
"status": "affected",
"version": "4.1\\(1l\\)"
},
{
"status": "affected",
"version": "3.2\\(9f\\)"
},
{
"status": "affected",
"version": "4.2\\(3l\\)"
},
{
"status": "affected",
"version": "4.2\\(2g\\)"
},
{
"status": "affected",
"version": "1.2\\(3c\\)"
},
{
"status": "affected",
"version": "3.2\\(7k\\)"
},
{
"status": "affected",
"version": "1.3\\(2h\\)"
},
{
"status": "affected",
"version": "3.2\\(9b\\)"
},
{
"status": "affected",
"version": "1.3\\(2k\\)"
},
{
"status": "affected",
"version": "3.1\\(2t\\)"
},
{
"status": "affected",
"version": "1.1\\(2h\\)"
},
{
"status": "affected",
"version": "3.2\\(3j\\)"
},
{
"status": "affected",
"version": "2.1\\(2k\\)"
},
{
"status": "affected",
"version": "2.3\\(1f\\)"
},
{
"status": "affected",
"version": "1.2\\(3h\\)"
},
{
"status": "affected",
"version": "3.0\\(1i\\)"
},
{
"status": "affected",
"version": "4.1\\(2u\\)"
},
{
"status": "affected",
"version": "4.2\\(1l\\)"
},
{
"status": "affected",
"version": "4.1\\(1a\\)"
},
{
"status": "affected",
"version": "4.0\\(3d\\)"
},
{
"status": "affected",
"version": "1.1\\(4l\\)"
},
{
"status": "affected",
"version": "2.3\\(1i\\)"
},
{
"status": "affected",
"version": "3.1\\(2q\\)"
},
{
"status": "affected",
"version": "3.2\\(4e\\)"
},
{
"status": "affected",
"version": "4.1\\(1i\\)"
},
{
"status": "affected",
"version": "3.1\\(1i\\)"
},
{
"status": "affected",
"version": "2.0\\(2m\\)"
},
{
"status": "affected",
"version": "3.0\\(2h\\)"
},
{
"status": "affected",
"version": "2.2\\(2q\\)"
},
{
"status": "affected",
"version": "2.3\\(1l\\)"
},
{
"status": "affected",
"version": "1.3\\(1h\\)"
},
{
"status": "affected",
"version": "3.0\\(2n\\)"
},
{
"status": "affected",
"version": "3.2\\(5f\\)"
},
{
"status": "affected",
"version": "1.2\\(1h\\)"
},
{
"status": "affected",
"version": "3.2\\(1l\\)"
},
{
"status": "affected",
"version": "4.2\\(1i\\)"
},
{
"status": "affected",
"version": "4.1\\(2o\\)"
},
{
"status": "affected",
"version": "1.2\\(1i\\)"
},
{
"status": "affected",
"version": "1.3\\(1j\\)"
},
{
"status": "affected",
"version": "2.1\\(1h\\)"
},
{
"status": "affected",
"version": "2.0\\(2l\\)"
},
{
"status": "affected",
"version": "2.0\\(2h\\)"
},
{
"status": "affected",
"version": "1.2\\(2g\\)"
},
{
"status": "affected",
"version": "3.0\\(1k\\)"
},
{
"status": "affected",
"version": "4.2\\(1g\\)"
},
{
"status": "affected",
"version": "2.1\\(2g\\)"
},
{
"status": "affected",
"version": "2.0\\(1q\\)"
},
{
"status": "affected",
"version": "1.1\\(1j\\)"
},
{
"status": "affected",
"version": "4.1\\(2g\\)"
},
{
"status": "affected",
"version": "1.1\\(1r\\)"
},
{
"status": "affected",
"version": "4.2\\(2f\\)"
},
{
"status": "affected",
"version": "3.2\\(6i\\)"
},
{
"status": "affected",
"version": "1.3\\(1g\\)"
},
{
"status": "affected",
"version": "1.3\\(2j\\)"
},
{
"status": "affected",
"version": "1.3\\(2i\\)"
},
{
"status": "affected",
"version": "2.0\\(2o\\)"
},
{
"status": "affected",
"version": "2.2\\(4q\\)"
},
{
"status": "affected",
"version": "2.3\\(1o\\)"
},
{
"status": "affected",
"version": "3.2\\(3i\\)"
},
{
"status": "affected",
"version": "2.2\\(2j\\)"
},
{
"status": "affected",
"version": "1.1\\(1d\\)"
},
{
"status": "affected",
"version": "2.0\\(2n\\)"
},
{
"status": "affected",
"version": "2.2\\(3t\\)"
},
{
"status": "affected",
"version": "3.2\\(3n\\)"
},
{
"status": "affected",
"version": "1.1\\(4g\\)"
},
{
"status": "affected",
"version": "4.1\\(2x\\)"
},
{
"status": "affected",
"version": "3.2\\(5d\\)"
},
{
"status": "affected",
"version": "3.1\\(2o\\)"
},
{
"status": "affected",
"version": "1.2\\(2i\\)"
},
{
"status": "affected",
"version": "2.1\\(2f\\)"
},
{
"status": "affected",
"version": "1.3\\(2f\\)"
},
{
"status": "affected",
"version": "4.2\\(3q\\)"
},
{
"status": "affected",
"version": "4.1\\(1j\\)"
},
{
"status": "affected",
"version": "2.0\\(2f\\)"
},
{
"status": "affected",
"version": "2.3\\(1e\\)"
},
{
"status": "affected",
"version": "1.1\\(1s\\)"
},
{
"status": "affected",
"version": "3.1\\(2v\\)"
},
{
"status": "affected",
"version": "4.1\\(2w\\)"
},
{
"status": "affected",
"version": "1.1\\(4i\\)"
},
{
"status": "affected",
"version": "3.1\\(2u\\)"
},
{
"status": "affected",
"version": "1.1\\(4f\\)"
},
{
"status": "affected",
"version": "3.0\\(2m\\)"
},
{
"status": "affected",
"version": "2.0\\(1k\\)"
},
{
"status": "affected",
"version": "3.2\\(2o\\)"
},
{
"status": "affected",
"version": "3.2\\(3r\\)"
},
{
"status": "affected",
"version": "1.1\\(2i\\)"
},
{
"status": "affected",
"version": "4.0\\(2c\\)"
},
{
"status": "affected",
"version": "1.3\\(1i\\)"
},
{
"status": "affected",
"version": "4.1\\(2s\\)"
},
{
"status": "affected",
"version": "3.2\\(7f\\)"
},
{
"status": "affected",
"version": "1.2\\(3m\\)"
},
{
"status": "affected",
"version": "3.2\\(3o\\)"
},
{
"status": "affected",
"version": "3.1\\(2s\\)"
},
{
"status": "affected",
"version": "3.2\\(2l\\)"
},
{
"status": "affected",
"version": "4.2\\(1j\\)"
},
{
"status": "affected",
"version": "2.3\\(1p\\)"
},
{
"status": "affected",
"version": "2.1\\(4a\\)"
},
{
"status": "affected",
"version": "1.1\\(1n\\)"
},
{
"status": "affected",
"version": "2.2\\(1n\\)"
},
{
"status": "affected",
"version": "2.2\\(4p\\)"
},
{
"status": "affected",
"version": "2.1\\(3j\\)"
},
{
"status": "affected",
"version": "4.2\\(4i\\)"
},
{
"status": "affected",
"version": "3.2\\(9h\\)"
},
{
"status": "affected",
"version": "5.0\\(1k\\)"
},
{
"status": "affected",
"version": "4.2\\(4k\\)"
},
{
"status": "affected",
"version": "5.0\\(1l\\)"
},
{
"status": "affected",
"version": "5.0\\(2e\\)"
},
{
"status": "affected",
"version": "4.2\\(4o\\)"
},
{
"status": "affected",
"version": "4.2\\(4p\\)"
},
{
"status": "affected",
"version": "5.0\\(2h\\)"
},
{
"status": "affected",
"version": "4.2\\(5k\\)"
},
{
"status": "affected",
"version": "4.2\\(5l\\)"
},
{
"status": "affected",
"version": "4.2\\(5n\\)"
},
{
"status": "affected",
"version": "5.1\\(1h\\)"
},
{
"status": "affected",
"version": "4.2\\(6d\\)"
},
{
"status": "affected",
"version": "5.1\\(2e\\)"
},
{
"status": "affected",
"version": "4.2\\(6g\\)"
},
{
"status": "affected",
"version": "4.2\\(6h\\)"
},
{
"status": "affected",
"version": "5.1\\(3e\\)"
},
{
"status": "affected",
"version": "3.2\\(10e\\)"
},
{
"status": "affected",
"version": "4.2\\(6l\\)"
},
{
"status": "affected",
"version": "4.2\\(7f\\)"
},
{
"status": "affected",
"version": "5.1\\(4c\\)"
},
{
"status": "affected",
"version": "4.2\\(6o\\)"
},
{
"status": "affected",
"version": "5.2\\(1g\\)"
},
{
"status": "affected",
"version": "5.2\\(2e\\)"
},
{
"status": "affected",
"version": "4.2\\(7l\\)"
},
{
"status": "affected",
"version": "3.2\\(10f\\)"
},
{
"status": "affected",
"version": "5.2\\(2f\\)"
},
{
"status": "affected",
"version": "5.2\\(2g\\)"
},
{
"status": "affected",
"version": "4.2\\(7q\\)"
},
{
"status": "affected",
"version": "5.2\\(2h\\)"
},
{
"status": "affected",
"version": "5.2\\(3f\\)"
},
{
"status": "affected",
"version": "5.2\\(3e\\)"
},
{
"status": "affected",
"version": "5.2\\(3g\\)"
},
{
"status": "affected",
"version": "4.2\\(7r\\)"
},
{
"status": "affected",
"version": "4.2\\(7s\\)"
},
{
"status": "affected",
"version": "5.2\\(4d\\)"
},
{
"status": "affected",
"version": "5.2\\(4e\\)"
},
{
"status": "affected",
"version": "4.2\\(7t\\)"
},
{
"status": "affected",
"version": "5.2\\(5d\\)"
},
{
"status": "affected",
"version": "3.2\\(10g\\)"
},
{
"status": "affected",
"version": "5.2\\(5c\\)"
},
{
"status": "affected",
"version": "6.0\\(1g\\)"
},
{
"status": "affected",
"version": "4.2\\(7u\\)"
},
{
"status": "affected",
"version": "5.2\\(5e\\)"
},
{
"status": "affected",
"version": "5.2\\(4f\\)"
},
{
"status": "affected",
"version": "5.2\\(6e\\)"
},
{
"status": "affected",
"version": "6.0\\(1j\\)"
},
{
"status": "affected",
"version": "5.2\\(6g\\)"
},
{
"status": "affected",
"version": "5.2\\(7f\\)"
},
{
"status": "affected",
"version": "4.2\\(7v\\)"
},
{
"status": "affected",
"version": "5.2\\(7g\\)"
},
{
"status": "affected",
"version": "6.0\\(2h\\)"
},
{
"status": "affected",
"version": "4.2\\(7w\\)"
},
{
"status": "affected",
"version": "5.2\\(6h\\)"
},
{
"status": "affected",
"version": "5.2\\(4h\\)"
},
{
"status": "affected",
"version": "5.2\\(8d\\)"
},
{
"status": "affected",
"version": "6.0\\(2j\\)"
},
{
"status": "affected",
"version": "5.2\\(8e\\)"
},
{
"status": "affected",
"version": "6.0\\(3d\\)"
},
{
"status": "affected",
"version": "6.0\\(3e\\)"
},
{
"status": "affected",
"version": "5.2\\(8f\\)"
},
{
"status": "affected",
"version": "5.2\\(8g\\)"
},
{
"status": "affected",
"version": "5.3\\(1d\\)"
},
{
"status": "affected",
"version": "5.2\\(8h\\)"
},
{
"status": "affected",
"version": "6.0\\(4c\\)"
},
{
"status": "affected",
"version": "5.3\\(2a\\)"
},
{
"status": "affected",
"version": "5.2\\(8i\\)"
},
{
"status": "affected",
"version": "6.0\\(5h\\)"
},
{
"status": "affected",
"version": "5.3\\(2b\\)"
},
{
"status": "affected",
"version": "6.0\\(3g\\)"
},
{
"status": "affected",
"version": "6.0\\(5j\\)"
},
{
"status": "affected",
"version": "5.3\\(2c\\)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T03:56:06.255702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T14:11:08.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2(8d)"
},
{
"status": "affected",
"version": "2.2(1o)"
},
{
"status": "affected",
"version": "1.2(2h)"
},
{
"status": "affected",
"version": "2.2(2i)"
},
{
"status": "affected",
"version": "1.2(1k)"
},
{
"status": "affected",
"version": "2.2(1k)"
},
{
"status": "affected",
"version": "3.1(2m)"
},
{
"status": "affected",
"version": "3.2(1m)"
},
{
"status": "affected",
"version": "3.2(5e)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "3.2(41d)"
},
{
"status": "affected",
"version": "1.1(1o)"
},
{
"status": "affected",
"version": "1.2(1m)"
},
{
"status": "affected",
"version": "1.2(2j)"
},
{
"status": "affected",
"version": "2.2(4r)"
},
{
"status": "affected",
"version": "2.2(3j)"
},
{
"status": "affected",
"version": "1.1(3f)"
},
{
"status": "affected",
"version": "2.2(2f)"
},
{
"status": "affected",
"version": "1.1(4m)"
},
{
"status": "affected",
"version": "2.2(2k)"
},
{
"status": "affected",
"version": "2.1(1i)"
},
{
"status": "affected",
"version": "2.0(1p)"
},
{
"status": "affected",
"version": "3.1(2p)"
},
{
"status": "affected",
"version": "3.2(3s)"
},
{
"status": "affected",
"version": "4.0(3c)"
},
{
"status": "affected",
"version": "1.1(4e)"
},
{
"status": "affected",
"version": "4.1(1k)"
},
{
"status": "affected",
"version": "2.2(4f)"
},
{
"status": "affected",
"version": "2.1(3h)"
},
{
"status": "affected",
"version": "3.2(4d)"
},
{
"status": "affected",
"version": "2.0(1n)"
},
{
"status": "affected",
"version": "2.0(1m)"
},
{
"status": "affected",
"version": "2.0(1r)"
},
{
"status": "affected",
"version": "2.1(2e)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "2.0(1l)"
},
{
"status": "affected",
"version": "2.2(2e)"
},
{
"status": "affected",
"version": "2.2(3r)"
},
{
"status": "affected",
"version": "3.0(2k)"
},
{
"status": "affected",
"version": "2.1(3g)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "2.0(1o)"
},
{
"status": "affected",
"version": "2.2(3p)"
},
{
"status": "affected",
"version": "1.2(3e)"
},
{
"status": "affected",
"version": "2.2(3s)"
},
{
"status": "affected",
"version": "2.0(2g)"
},
{
"status": "affected",
"version": "4.1(1l)"
},
{
"status": "affected",
"version": "3.2(9f)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "1.2(3c)"
},
{
"status": "affected",
"version": "3.2(7k)"
},
{
"status": "affected",
"version": "1.3(2h)"
},
{
"status": "affected",
"version": "3.2(9b)"
},
{
"status": "affected",
"version": "1.3(2k)"
},
{
"status": "affected",
"version": "3.1(2t)"
},
{
"status": "affected",
"version": "1.1(2h)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "2.1(2k)"
},
{
"status": "affected",
"version": "2.3(1f)"
},
{
"status": "affected",
"version": "1.2(3h)"
},
{
"status": "affected",
"version": "3.0(1i)"
},
{
"status": "affected",
"version": "4.1(2u)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.0(3d)"
},
{
"status": "affected",
"version": "1.1(4l)"
},
{
"status": "affected",
"version": "2.3(1i)"
},
{
"status": "affected",
"version": "3.1(2q)"
},
{
"status": "affected",
"version": "3.2(4e)"
},
{
"status": "affected",
"version": "4.1(1i)"
},
{
"status": "affected",
"version": "3.1(1i)"
},
{
"status": "affected",
"version": "2.0(2m)"
},
{
"status": "affected",
"version": "3.0(2h)"
},
{
"status": "affected",
"version": "2.2(2q)"
},
{
"status": "affected",
"version": "2.3(1l)"
},
{
"status": "affected",
"version": "1.3(1h)"
},
{
"status": "affected",
"version": "3.0(2n)"
},
{
"status": "affected",
"version": "3.2(5f)"
},
{
"status": "affected",
"version": "1.2(1h)"
},
{
"status": "affected",
"version": "3.2(1l)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(2o)"
},
{
"status": "affected",
"version": "1.2(1i)"
},
{
"status": "affected",
"version": "1.3(1j)"
},
{
"status": "affected",
"version": "2.1(1h)"
},
{
"status": "affected",
"version": "2.0(2l)"
},
{
"status": "affected",
"version": "2.0(2h)"
},
{
"status": "affected",
"version": "1.2(2g)"
},
{
"status": "affected",
"version": "3.0(1k)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "2.1(2g)"
},
{
"status": "affected",
"version": "2.0(1q)"
},
{
"status": "affected",
"version": "1.1(1j)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "1.1(1r)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "3.2(6i)"
},
{
"status": "affected",
"version": "1.3(1g)"
},
{
"status": "affected",
"version": "1.3(2j)"
},
{
"status": "affected",
"version": "1.3(2i)"
},
{
"status": "affected",
"version": "2.0(2o)"
},
{
"status": "affected",
"version": "2.2(4q)"
},
{
"status": "affected",
"version": "2.3(1o)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "2.2(2j)"
},
{
"status": "affected",
"version": "1.1(1d)"
},
{
"status": "affected",
"version": "2.0(2n)"
},
{
"status": "affected",
"version": "2.2(3t)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "1.1(4g)"
},
{
"status": "affected",
"version": "4.1(2x)"
},
{
"status": "affected",
"version": "3.2(5d)"
},
{
"status": "affected",
"version": "3.1(2o)"
},
{
"status": "affected",
"version": "1.2(2i)"
},
{
"status": "affected",
"version": "2.1(2f)"
},
{
"status": "affected",
"version": "1.3(2f)"
},
{
"status": "affected",
"version": "4.2(3q)"
},
{
"status": "affected",
"version": "4.1(1j)"
},
{
"status": "affected",
"version": "2.0(2f)"
},
{
"status": "affected",
"version": "2.3(1e)"
},
{
"status": "affected",
"version": "1.1(1s)"
},
{
"status": "affected",
"version": "3.1(2v)"
},
{
"status": "affected",
"version": "4.1(2w)"
},
{
"status": "affected",
"version": "1.1(4i)"
},
{
"status": "affected",
"version": "3.1(2u)"
},
{
"status": "affected",
"version": "1.1(4f)"
},
{
"status": "affected",
"version": "3.0(2m)"
},
{
"status": "affected",
"version": "2.0(1k)"
},
{
"status": "affected",
"version": "3.2(2o)"
},
{
"status": "affected",
"version": "3.2(3r)"
},
{
"status": "affected",
"version": "1.1(2i)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "1.3(1i)"
},
{
"status": "affected",
"version": "4.1(2s)"
},
{
"status": "affected",
"version": "3.2(7f)"
},
{
"status": "affected",
"version": "1.2(3m)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "3.1(2s)"
},
{
"status": "affected",
"version": "3.2(2l)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "2.3(1p)"
},
{
"status": "affected",
"version": "2.1(4a)"
},
{
"status": "affected",
"version": "1.1(1n)"
},
{
"status": "affected",
"version": "2.2(1n)"
},
{
"status": "affected",
"version": "2.2(4p)"
},
{
"status": "affected",
"version": "2.1(3j)"
},
{
"status": "affected",
"version": "4.2(4i)"
},
{
"status": "affected",
"version": "3.2(9h)"
},
{
"status": "affected",
"version": "5.0(1k)"
},
{
"status": "affected",
"version": "4.2(4k)"
},
{
"status": "affected",
"version": "5.0(1l)"
},
{
"status": "affected",
"version": "5.0(2e)"
},
{
"status": "affected",
"version": "4.2(4o)"
},
{
"status": "affected",
"version": "4.2(4p)"
},
{
"status": "affected",
"version": "5.0(2h)"
},
{
"status": "affected",
"version": "4.2(5k)"
},
{
"status": "affected",
"version": "4.2(5l)"
},
{
"status": "affected",
"version": "4.2(5n)"
},
{
"status": "affected",
"version": "5.1(1h)"
},
{
"status": "affected",
"version": "4.2(6d)"
},
{
"status": "affected",
"version": "5.1(2e)"
},
{
"status": "affected",
"version": "4.2(6g)"
},
{
"status": "affected",
"version": "4.2(6h)"
},
{
"status": "affected",
"version": "5.1(3e)"
},
{
"status": "affected",
"version": "3.2(10e)"
},
{
"status": "affected",
"version": "4.2(6l)"
},
{
"status": "affected",
"version": "4.2(7f)"
},
{
"status": "affected",
"version": "5.1(4c)"
},
{
"status": "affected",
"version": "4.2(6o)"
},
{
"status": "affected",
"version": "5.2(1g)"
},
{
"status": "affected",
"version": "5.2(2e)"
},
{
"status": "affected",
"version": "4.2(7l)"
},
{
"status": "affected",
"version": "3.2(10f)"
},
{
"status": "affected",
"version": "5.2(2f)"
},
{
"status": "affected",
"version": "5.2(2g)"
},
{
"status": "affected",
"version": "4.2(7q)"
},
{
"status": "affected",
"version": "5.2(2h)"
},
{
"status": "affected",
"version": "5.2(3f)"
},
{
"status": "affected",
"version": "5.2(3e)"
},
{
"status": "affected",
"version": "5.2(3g)"
},
{
"status": "affected",
"version": "4.2(7r)"
},
{
"status": "affected",
"version": "4.2(7s)"
},
{
"status": "affected",
"version": "5.2(4d)"
},
{
"status": "affected",
"version": "5.2(4e)"
},
{
"status": "affected",
"version": "4.2(7t)"
},
{
"status": "affected",
"version": "5.2(5d)"
},
{
"status": "affected",
"version": "3.2(10g)"
},
{
"status": "affected",
"version": "5.2(5c)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "4.2(7u)"
},
{
"status": "affected",
"version": "5.2(5e)"
},
{
"status": "affected",
"version": "5.2(4f)"
},
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "4.2(7v)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "4.2(7w)"
},
{
"status": "affected",
"version": "5.2(6h)"
},
{
"status": "affected",
"version": "5.2(4h)"
},
{
"status": "affected",
"version": "5.2(8d)"
},
{
"status": "affected",
"version": "6.0(2j)"
},
{
"status": "affected",
"version": "5.2(8e)"
},
{
"status": "affected",
"version": "6.0(3d)"
},
{
"status": "affected",
"version": "6.0(3e)"
},
{
"status": "affected",
"version": "5.2(8f)"
},
{
"status": "affected",
"version": "5.2(8g)"
},
{
"status": "affected",
"version": "5.3(1d)"
},
{
"status": "affected",
"version": "5.2(8h)"
},
{
"status": "affected",
"version": "6.0(4c)"
},
{
"status": "affected",
"version": "5.3(2a)"
},
{
"status": "affected",
"version": "5.2(8i)"
},
{
"status": "affected",
"version": "6.0(5h)"
},
{
"status": "affected",
"version": "5.3(2b)"
},
{
"status": "affected",
"version": "6.0(3g)"
},
{
"status": "affected",
"version": "6.0(5j)"
},
{
"status": "affected",
"version": "5.3(2c)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco\u0026nbsp;Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system.\r\n\r\nThis vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root.\r\nNote: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "Execution with Unnecessary Privileges",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T16:30:07.175Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-capic-priv-esc-uYQJjnuU",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-priv-esc-uYQJjnuU"
}
],
"source": {
"advisory": "cisco-sa-capic-priv-esc-uYQJjnuU",
"defects": [
"CSCwj32072"
],
"discovery": "INTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20478",
"datePublished": "2024-08-28T16:30:07.175Z",
"dateReserved": "2023-11-08T15:08:07.682Z",
"dateUpdated": "2024-09-06T14:11:08.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20279 (GCVE-0-2024-20279)
Vulnerability from cvelistv5 – Published: 2024-08-28 16:19 – Updated: 2024-08-28 17:54
VLAI?
Summary
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.
Severity ?
4.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
3.2(8d)
Affected: 2.2(1o) Affected: 1.2(2h) Affected: 2.2(2i) Affected: 1.2(1k) Affected: 2.2(1k) Affected: 3.1(2m) Affected: 3.2(1m) Affected: 3.2(5e) Affected: 4.1(2m) Affected: 3.2(41d) Affected: 1.1(1o) Affected: 1.2(1m) Affected: 1.2(2j) Affected: 2.2(4r) Affected: 2.2(3j) Affected: 1.1(3f) Affected: 2.2(2f) Affected: 1.1(4m) Affected: 2.2(2k) Affected: 2.1(1i) Affected: 2.0(1p) Affected: 3.1(2p) Affected: 3.2(3s) Affected: 4.0(3c) Affected: 1.1(4e) Affected: 4.1(1k) Affected: 2.2(4f) Affected: 2.1(3h) Affected: 3.2(4d) Affected: 2.0(1n) Affected: 2.0(1m) Affected: 2.0(1r) Affected: 2.1(2e) Affected: 4.2(2e) Affected: 4.2(3j) Affected: 4.2(3n) Affected: 2.0(1l) Affected: 2.2(2e) Affected: 2.2(3r) Affected: 3.0(2k) Affected: 2.1(3g) Affected: 4.0(1h) Affected: 2.0(1o) Affected: 2.2(3p) Affected: 1.2(3e) Affected: 2.2(3s) Affected: 2.0(2g) Affected: 4.1(1l) Affected: 3.2(9f) Affected: 4.2(3l) Affected: 4.2(2g) Affected: 1.2(3c) Affected: 3.2(7k) Affected: 1.3(2h) Affected: 3.2(9b) Affected: 1.3(2k) Affected: 3.1(2t) Affected: 1.1(2h) Affected: 3.2(3j) Affected: 2.1(2k) Affected: 2.3(1f) Affected: 1.2(3h) Affected: 3.0(1i) Affected: 4.1(2u) Affected: 4.2(1l) Affected: 4.1(1a) Affected: 4.0(3d) Affected: 1.1(4l) Affected: 2.3(1i) Affected: 3.1(2q) Affected: 3.2(4e) Affected: 4.1(1i) Affected: 3.1(1i) Affected: 2.0(2m) Affected: 3.0(2h) Affected: 2.2(2q) Affected: 2.3(1l) Affected: 1.3(1h) Affected: 3.0(2n) Affected: 3.2(5f) Affected: 1.2(1h) Affected: 3.2(1l) Affected: 4.2(1i) Affected: 4.1(2o) Affected: 1.2(1i) Affected: 1.3(1j) Affected: 2.1(1h) Affected: 2.0(2l) Affected: 2.0(2h) Affected: 1.2(2g) Affected: 3.0(1k) Affected: 4.2(1g) Affected: 2.1(2g) Affected: 2.0(1q) Affected: 1.1(1j) Affected: 4.1(2g) Affected: 1.1(1r) Affected: 4.2(2f) Affected: 3.2(6i) Affected: 1.3(1g) Affected: 1.3(2j) Affected: 1.3(2i) Affected: 2.0(2o) Affected: 2.2(4q) Affected: 2.3(1o) Affected: 3.2(3i) Affected: 2.2(2j) Affected: 1.1(1d) Affected: 2.0(2n) Affected: 2.2(3t) Affected: 3.2(3n) Affected: 1.1(4g) Affected: 4.1(2x) Affected: 3.2(5d) Affected: 3.1(2o) Affected: 1.2(2i) Affected: 2.1(2f) Affected: 1.3(2f) Affected: 4.2(3q) Affected: 4.1(1j) Affected: 2.0(2f) Affected: 2.3(1e) Affected: 1.1(1s) Affected: 3.1(2v) Affected: 4.1(2w) Affected: 1.1(4i) Affected: 3.1(2u) Affected: 1.1(4f) Affected: 3.0(2m) Affected: 2.0(1k) Affected: 3.2(2o) Affected: 3.2(3r) Affected: 1.1(2i) Affected: 4.0(2c) Affected: 1.3(1i) Affected: 4.1(2s) Affected: 3.2(7f) Affected: 1.2(3m) Affected: 3.2(3o) Affected: 3.1(2s) Affected: 3.2(2l) Affected: 4.2(1j) Affected: 2.3(1p) Affected: 2.1(4a) Affected: 1.1(1n) Affected: 2.2(1n) Affected: 2.2(4p) Affected: 2.1(3j) Affected: 4.2(4i) Affected: 3.2(9h) Affected: 5.0(1k) Affected: 4.2(4k) Affected: 5.0(1l) Affected: 5.0(2e) Affected: 4.2(4o) Affected: 4.2(4p) Affected: 5.0(2h) Affected: 4.2(5k) Affected: 4.2(5l) Affected: 4.2(5n) Affected: 5.1(1h) Affected: 4.2(6d) Affected: 5.1(2e) Affected: 4.2(6g) Affected: 4.2(6h) Affected: 5.1(3e) Affected: 3.2(10e) Affected: 4.2(6l) Affected: 4.2(7f) Affected: 5.1(4c) Affected: 4.2(6o) Affected: 5.2(1g) Affected: 5.2(2e) Affected: 4.2(7l) Affected: 3.2(10f) Affected: 5.2(2f) Affected: 5.2(2g) Affected: 4.2(7q) Affected: 5.2(2h) Affected: 5.2(3f) Affected: 5.2(3e) Affected: 5.2(3g) Affected: 4.2(7r) Affected: 4.2(7s) Affected: 5.2(4d) Affected: 5.2(4e) Affected: 4.2(7t) Affected: 5.2(5d) Affected: 3.2(10g) Affected: 5.2(5c) Affected: 6.0(1g) Affected: 4.2(7u) Affected: 5.2(5e) Affected: 5.2(4f) Affected: 5.2(6e) Affected: 6.0(1j) Affected: 5.2(6g) Affected: 5.2(7f) Affected: 4.2(7v) Affected: 5.2(7g) Affected: 6.0(2h) Affected: 4.2(7w) Affected: 5.2(6h) Affected: 5.2(4h) Affected: 5.2(8d) Affected: 6.0(2j) Affected: 5.2(8e) Affected: 6.0(3d) Affected: 6.0(3e) Affected: 5.2(8f) Affected: 5.2(8g) Affected: 5.3(1d) Affected: 5.2(8h) Affected: 6.0(4c) Affected: 5.3(2a) Affected: 5.2(8i) Affected: 6.0(5h) Affected: 5.3(2b) Affected: 6.0(3g) Affected: 6.0(5j) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T17:54:46.155615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T17:54:51.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2(8d)"
},
{
"status": "affected",
"version": "2.2(1o)"
},
{
"status": "affected",
"version": "1.2(2h)"
},
{
"status": "affected",
"version": "2.2(2i)"
},
{
"status": "affected",
"version": "1.2(1k)"
},
{
"status": "affected",
"version": "2.2(1k)"
},
{
"status": "affected",
"version": "3.1(2m)"
},
{
"status": "affected",
"version": "3.2(1m)"
},
{
"status": "affected",
"version": "3.2(5e)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "3.2(41d)"
},
{
"status": "affected",
"version": "1.1(1o)"
},
{
"status": "affected",
"version": "1.2(1m)"
},
{
"status": "affected",
"version": "1.2(2j)"
},
{
"status": "affected",
"version": "2.2(4r)"
},
{
"status": "affected",
"version": "2.2(3j)"
},
{
"status": "affected",
"version": "1.1(3f)"
},
{
"status": "affected",
"version": "2.2(2f)"
},
{
"status": "affected",
"version": "1.1(4m)"
},
{
"status": "affected",
"version": "2.2(2k)"
},
{
"status": "affected",
"version": "2.1(1i)"
},
{
"status": "affected",
"version": "2.0(1p)"
},
{
"status": "affected",
"version": "3.1(2p)"
},
{
"status": "affected",
"version": "3.2(3s)"
},
{
"status": "affected",
"version": "4.0(3c)"
},
{
"status": "affected",
"version": "1.1(4e)"
},
{
"status": "affected",
"version": "4.1(1k)"
},
{
"status": "affected",
"version": "2.2(4f)"
},
{
"status": "affected",
"version": "2.1(3h)"
},
{
"status": "affected",
"version": "3.2(4d)"
},
{
"status": "affected",
"version": "2.0(1n)"
},
{
"status": "affected",
"version": "2.0(1m)"
},
{
"status": "affected",
"version": "2.0(1r)"
},
{
"status": "affected",
"version": "2.1(2e)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "2.0(1l)"
},
{
"status": "affected",
"version": "2.2(2e)"
},
{
"status": "affected",
"version": "2.2(3r)"
},
{
"status": "affected",
"version": "3.0(2k)"
},
{
"status": "affected",
"version": "2.1(3g)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "2.0(1o)"
},
{
"status": "affected",
"version": "2.2(3p)"
},
{
"status": "affected",
"version": "1.2(3e)"
},
{
"status": "affected",
"version": "2.2(3s)"
},
{
"status": "affected",
"version": "2.0(2g)"
},
{
"status": "affected",
"version": "4.1(1l)"
},
{
"status": "affected",
"version": "3.2(9f)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "1.2(3c)"
},
{
"status": "affected",
"version": "3.2(7k)"
},
{
"status": "affected",
"version": "1.3(2h)"
},
{
"status": "affected",
"version": "3.2(9b)"
},
{
"status": "affected",
"version": "1.3(2k)"
},
{
"status": "affected",
"version": "3.1(2t)"
},
{
"status": "affected",
"version": "1.1(2h)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "2.1(2k)"
},
{
"status": "affected",
"version": "2.3(1f)"
},
{
"status": "affected",
"version": "1.2(3h)"
},
{
"status": "affected",
"version": "3.0(1i)"
},
{
"status": "affected",
"version": "4.1(2u)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.0(3d)"
},
{
"status": "affected",
"version": "1.1(4l)"
},
{
"status": "affected",
"version": "2.3(1i)"
},
{
"status": "affected",
"version": "3.1(2q)"
},
{
"status": "affected",
"version": "3.2(4e)"
},
{
"status": "affected",
"version": "4.1(1i)"
},
{
"status": "affected",
"version": "3.1(1i)"
},
{
"status": "affected",
"version": "2.0(2m)"
},
{
"status": "affected",
"version": "3.0(2h)"
},
{
"status": "affected",
"version": "2.2(2q)"
},
{
"status": "affected",
"version": "2.3(1l)"
},
{
"status": "affected",
"version": "1.3(1h)"
},
{
"status": "affected",
"version": "3.0(2n)"
},
{
"status": "affected",
"version": "3.2(5f)"
},
{
"status": "affected",
"version": "1.2(1h)"
},
{
"status": "affected",
"version": "3.2(1l)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(2o)"
},
{
"status": "affected",
"version": "1.2(1i)"
},
{
"status": "affected",
"version": "1.3(1j)"
},
{
"status": "affected",
"version": "2.1(1h)"
},
{
"status": "affected",
"version": "2.0(2l)"
},
{
"status": "affected",
"version": "2.0(2h)"
},
{
"status": "affected",
"version": "1.2(2g)"
},
{
"status": "affected",
"version": "3.0(1k)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "2.1(2g)"
},
{
"status": "affected",
"version": "2.0(1q)"
},
{
"status": "affected",
"version": "1.1(1j)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "1.1(1r)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "3.2(6i)"
},
{
"status": "affected",
"version": "1.3(1g)"
},
{
"status": "affected",
"version": "1.3(2j)"
},
{
"status": "affected",
"version": "1.3(2i)"
},
{
"status": "affected",
"version": "2.0(2o)"
},
{
"status": "affected",
"version": "2.2(4q)"
},
{
"status": "affected",
"version": "2.3(1o)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "2.2(2j)"
},
{
"status": "affected",
"version": "1.1(1d)"
},
{
"status": "affected",
"version": "2.0(2n)"
},
{
"status": "affected",
"version": "2.2(3t)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "1.1(4g)"
},
{
"status": "affected",
"version": "4.1(2x)"
},
{
"status": "affected",
"version": "3.2(5d)"
},
{
"status": "affected",
"version": "3.1(2o)"
},
{
"status": "affected",
"version": "1.2(2i)"
},
{
"status": "affected",
"version": "2.1(2f)"
},
{
"status": "affected",
"version": "1.3(2f)"
},
{
"status": "affected",
"version": "4.2(3q)"
},
{
"status": "affected",
"version": "4.1(1j)"
},
{
"status": "affected",
"version": "2.0(2f)"
},
{
"status": "affected",
"version": "2.3(1e)"
},
{
"status": "affected",
"version": "1.1(1s)"
},
{
"status": "affected",
"version": "3.1(2v)"
},
{
"status": "affected",
"version": "4.1(2w)"
},
{
"status": "affected",
"version": "1.1(4i)"
},
{
"status": "affected",
"version": "3.1(2u)"
},
{
"status": "affected",
"version": "1.1(4f)"
},
{
"status": "affected",
"version": "3.0(2m)"
},
{
"status": "affected",
"version": "2.0(1k)"
},
{
"status": "affected",
"version": "3.2(2o)"
},
{
"status": "affected",
"version": "3.2(3r)"
},
{
"status": "affected",
"version": "1.1(2i)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "1.3(1i)"
},
{
"status": "affected",
"version": "4.1(2s)"
},
{
"status": "affected",
"version": "3.2(7f)"
},
{
"status": "affected",
"version": "1.2(3m)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "3.1(2s)"
},
{
"status": "affected",
"version": "3.2(2l)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "2.3(1p)"
},
{
"status": "affected",
"version": "2.1(4a)"
},
{
"status": "affected",
"version": "1.1(1n)"
},
{
"status": "affected",
"version": "2.2(1n)"
},
{
"status": "affected",
"version": "2.2(4p)"
},
{
"status": "affected",
"version": "2.1(3j)"
},
{
"status": "affected",
"version": "4.2(4i)"
},
{
"status": "affected",
"version": "3.2(9h)"
},
{
"status": "affected",
"version": "5.0(1k)"
},
{
"status": "affected",
"version": "4.2(4k)"
},
{
"status": "affected",
"version": "5.0(1l)"
},
{
"status": "affected",
"version": "5.0(2e)"
},
{
"status": "affected",
"version": "4.2(4o)"
},
{
"status": "affected",
"version": "4.2(4p)"
},
{
"status": "affected",
"version": "5.0(2h)"
},
{
"status": "affected",
"version": "4.2(5k)"
},
{
"status": "affected",
"version": "4.2(5l)"
},
{
"status": "affected",
"version": "4.2(5n)"
},
{
"status": "affected",
"version": "5.1(1h)"
},
{
"status": "affected",
"version": "4.2(6d)"
},
{
"status": "affected",
"version": "5.1(2e)"
},
{
"status": "affected",
"version": "4.2(6g)"
},
{
"status": "affected",
"version": "4.2(6h)"
},
{
"status": "affected",
"version": "5.1(3e)"
},
{
"status": "affected",
"version": "3.2(10e)"
},
{
"status": "affected",
"version": "4.2(6l)"
},
{
"status": "affected",
"version": "4.2(7f)"
},
{
"status": "affected",
"version": "5.1(4c)"
},
{
"status": "affected",
"version": "4.2(6o)"
},
{
"status": "affected",
"version": "5.2(1g)"
},
{
"status": "affected",
"version": "5.2(2e)"
},
{
"status": "affected",
"version": "4.2(7l)"
},
{
"status": "affected",
"version": "3.2(10f)"
},
{
"status": "affected",
"version": "5.2(2f)"
},
{
"status": "affected",
"version": "5.2(2g)"
},
{
"status": "affected",
"version": "4.2(7q)"
},
{
"status": "affected",
"version": "5.2(2h)"
},
{
"status": "affected",
"version": "5.2(3f)"
},
{
"status": "affected",
"version": "5.2(3e)"
},
{
"status": "affected",
"version": "5.2(3g)"
},
{
"status": "affected",
"version": "4.2(7r)"
},
{
"status": "affected",
"version": "4.2(7s)"
},
{
"status": "affected",
"version": "5.2(4d)"
},
{
"status": "affected",
"version": "5.2(4e)"
},
{
"status": "affected",
"version": "4.2(7t)"
},
{
"status": "affected",
"version": "5.2(5d)"
},
{
"status": "affected",
"version": "3.2(10g)"
},
{
"status": "affected",
"version": "5.2(5c)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "4.2(7u)"
},
{
"status": "affected",
"version": "5.2(5e)"
},
{
"status": "affected",
"version": "5.2(4f)"
},
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "4.2(7v)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "4.2(7w)"
},
{
"status": "affected",
"version": "5.2(6h)"
},
{
"status": "affected",
"version": "5.2(4h)"
},
{
"status": "affected",
"version": "5.2(8d)"
},
{
"status": "affected",
"version": "6.0(2j)"
},
{
"status": "affected",
"version": "5.2(8e)"
},
{
"status": "affected",
"version": "6.0(3d)"
},
{
"status": "affected",
"version": "6.0(3e)"
},
{
"status": "affected",
"version": "5.2(8f)"
},
{
"status": "affected",
"version": "5.2(8g)"
},
{
"status": "affected",
"version": "5.3(1d)"
},
{
"status": "affected",
"version": "5.2(8h)"
},
{
"status": "affected",
"version": "6.0(4c)"
},
{
"status": "affected",
"version": "5.3(2a)"
},
{
"status": "affected",
"version": "5.2(8i)"
},
{
"status": "affected",
"version": "6.0(5h)"
},
{
"status": "affected",
"version": "5.3(2b)"
},
{
"status": "affected",
"version": "6.0(3g)"
},
{
"status": "affected",
"version": "6.0(5j)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system.\u0026nbsp;This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that an attacker has no authorization to access."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T16:19:08.343Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-apic-cousmo-uBpBYGbq",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-cousmo-uBpBYGbq"
}
],
"source": {
"advisory": "cisco-sa-apic-cousmo-uBpBYGbq",
"defects": [
"CSCwe67288"
],
"discovery": "INTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20279",
"datePublished": "2024-08-28T16:19:08.343Z",
"dateReserved": "2023-11-08T15:08:07.625Z",
"dateUpdated": "2024-08-28T17:54:51.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20230 (GCVE-0-2023-20230)
Vulnerability from cvelistv5 – Published: 2023-08-23 18:21 – Updated: 2024-10-01 15:53
VLAI?
Summary
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system.
This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.
Severity ?
5.4 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
5.2(6e)
Affected: 5.2(6g) Affected: 5.2(7f) Affected: 5.2(7g) Affected: 6.0(1g) Affected: 6.0(1j) Affected: 6.0(2h) Affected: 6.0(2j) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-apic-uapa-F4TAShk",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-uapa-F4TAShk"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T15:11:19.252551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:53:16.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "6.0(2j)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system.\r\n\r This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:26.252Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-apic-uapa-F4TAShk",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-uapa-F4TAShk"
}
],
"source": {
"advisory": "cisco-sa-apic-uapa-F4TAShk",
"defects": [
"CSCwe56828"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20230",
"datePublished": "2023-08-23T18:21:39.489Z",
"dateReserved": "2022-10-27T18:47:50.369Z",
"dateUpdated": "2024-10-01T15:53:16.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20011 (GCVE-0-2023-20011)
Vulnerability from cvelistv5 – Published: 2023-02-23 00:00 – Updated: 2024-10-28 16:34
VLAI?
Summary
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.
Severity ?
8.8 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:36.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230223 Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:19:25.923684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:34:01.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Application Policy Infrastructure Controller (APIC) ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230223 Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV"
}
],
"source": {
"advisory": "cisco-sa-capic-csrfv-DMx6KSwV",
"defect": [
[
"CSCwd15559"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20011",
"datePublished": "2023-02-23T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:34:01.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20119 (GCVE-0-2025-20119)
Vulnerability from nvd – Published: 2025-02-26 16:23 – Updated: 2025-03-03 19:02
VLAI?
Summary
A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to a race condition with handling system files. An attacker could exploit this vulnerability by doing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could lead to the device being in an inconsistent state and cause a DoS condition.
Severity ?
6 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
3.2(8d)
Affected: 3.2(1m) Affected: 3.2(5e) Affected: 4.1(2m) Affected: 3.2(41d) Affected: 3.2(3s) Affected: 4.0(3c) Affected: 4.1(1k) Affected: 3.2(4d) Affected: 4.2(2e) Affected: 4.2(3j) Affected: 4.2(3n) Affected: 4.0(1h) Affected: 4.1(1l) Affected: 3.2(9f) Affected: 4.2(3l) Affected: 4.2(2g) Affected: 3.2(7k) Affected: 3.2(9b) Affected: 3.2(3j) Affected: 4.1(2u) Affected: 4.2(1l) Affected: 4.1(1a) Affected: 4.0(3d) Affected: 3.2(4e) Affected: 4.1(1i) Affected: 3.2(5f) Affected: 3.2(1l) Affected: 4.2(1i) Affected: 4.1(2o) Affected: 4.2(1g) Affected: 4.1(2g) Affected: 4.2(2f) Affected: 3.2(6i) Affected: 3.2(3i) Affected: 3.2(3n) Affected: 4.1(2x) Affected: 3.2(5d) Affected: 4.2(3q) Affected: 4.1(1j) Affected: 4.1(2w) Affected: 3.2(2o) Affected: 3.2(3r) Affected: 4.0(2c) Affected: 4.1(2s) Affected: 3.2(7f) Affected: 3.2(3o) Affected: 3.2(2l) Affected: 4.2(1j) Affected: 4.2(4i) Affected: 3.2(9h) Affected: 5.0(1k) Affected: 4.2(4k) Affected: 5.0(1l) Affected: 5.0(2e) Affected: 4.2(4o) Affected: 4.2(4p) Affected: 5.0(2h) Affected: 4.2(5k) Affected: 4.2(5l) Affected: 4.2(5n) Affected: 5.1(1h) Affected: 4.2(6d) Affected: 5.1(2e) Affected: 4.2(6g) Affected: 4.2(6h) Affected: 5.1(3e) Affected: 3.2(10e) Affected: 4.2(6l) Affected: 4.2(7f) Affected: 5.1(4c) Affected: 4.2(6o) Affected: 5.2(1g) Affected: 5.2(2e) Affected: 4.2(7l) Affected: 3.2(10f) Affected: 5.2(2f) Affected: 5.2(2g) Affected: 4.2(7q) Affected: 5.2(2h) Affected: 5.2(3f) Affected: 5.2(3e) Affected: 5.2(3g) Affected: 4.2(7r) Affected: 4.2(7s) Affected: 5.2(4d) Affected: 5.2(4e) Affected: 4.2(7t) Affected: 5.2(5d) Affected: 3.2(10g) Affected: 5.2(5c) Affected: 6.0(1g) Affected: 4.2(7u) Affected: 5.2(5e) Affected: 5.2(4f) Affected: 5.2(6e) Affected: 6.0(1j) Affected: 5.2(6g) Affected: 5.2(7f) Affected: 4.2(7v) Affected: 5.2(7g) Affected: 6.0(2h) Affected: 4.2(7w) Affected: 5.2(6h) Affected: 5.2(4h) Affected: 5.2(8d) Affected: 6.0(2j) Affected: 5.2(8e) Affected: 6.0(3d) Affected: 6.0(3e) Affected: 5.2(8f) Affected: 5.2(8g) Affected: 5.3(1d) Affected: 5.2(8h) Affected: 6.0(4c) Affected: 5.3(2a) Affected: 5.2(8i) Affected: 6.0(5h) Affected: 5.3(2b) Affected: 6.0(3g) Affected: 6.0(5j) Affected: 5.3(2c) Affected: 6.0(6c) Affected: 6.1(1f) Affected: 6.0(7e) Affected: 5.3(2d) Affected: 6.0(8d) Affected: 5.3(2e) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T17:21:01.401418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T19:02:59.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2(8d)"
},
{
"status": "affected",
"version": "3.2(1m)"
},
{
"status": "affected",
"version": "3.2(5e)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "3.2(41d)"
},
{
"status": "affected",
"version": "3.2(3s)"
},
{
"status": "affected",
"version": "4.0(3c)"
},
{
"status": "affected",
"version": "4.1(1k)"
},
{
"status": "affected",
"version": "3.2(4d)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.1(1l)"
},
{
"status": "affected",
"version": "3.2(9f)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "3.2(7k)"
},
{
"status": "affected",
"version": "3.2(9b)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.1(2u)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.0(3d)"
},
{
"status": "affected",
"version": "3.2(4e)"
},
{
"status": "affected",
"version": "4.1(1i)"
},
{
"status": "affected",
"version": "3.2(5f)"
},
{
"status": "affected",
"version": "3.2(1l)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(2o)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "3.2(6i)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(2x)"
},
{
"status": "affected",
"version": "3.2(5d)"
},
{
"status": "affected",
"version": "4.2(3q)"
},
{
"status": "affected",
"version": "4.1(1j)"
},
{
"status": "affected",
"version": "4.1(2w)"
},
{
"status": "affected",
"version": "3.2(2o)"
},
{
"status": "affected",
"version": "3.2(3r)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.1(2s)"
},
{
"status": "affected",
"version": "3.2(7f)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "3.2(2l)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(4i)"
},
{
"status": "affected",
"version": "3.2(9h)"
},
{
"status": "affected",
"version": "5.0(1k)"
},
{
"status": "affected",
"version": "4.2(4k)"
},
{
"status": "affected",
"version": "5.0(1l)"
},
{
"status": "affected",
"version": "5.0(2e)"
},
{
"status": "affected",
"version": "4.2(4o)"
},
{
"status": "affected",
"version": "4.2(4p)"
},
{
"status": "affected",
"version": "5.0(2h)"
},
{
"status": "affected",
"version": "4.2(5k)"
},
{
"status": "affected",
"version": "4.2(5l)"
},
{
"status": "affected",
"version": "4.2(5n)"
},
{
"status": "affected",
"version": "5.1(1h)"
},
{
"status": "affected",
"version": "4.2(6d)"
},
{
"status": "affected",
"version": "5.1(2e)"
},
{
"status": "affected",
"version": "4.2(6g)"
},
{
"status": "affected",
"version": "4.2(6h)"
},
{
"status": "affected",
"version": "5.1(3e)"
},
{
"status": "affected",
"version": "3.2(10e)"
},
{
"status": "affected",
"version": "4.2(6l)"
},
{
"status": "affected",
"version": "4.2(7f)"
},
{
"status": "affected",
"version": "5.1(4c)"
},
{
"status": "affected",
"version": "4.2(6o)"
},
{
"status": "affected",
"version": "5.2(1g)"
},
{
"status": "affected",
"version": "5.2(2e)"
},
{
"status": "affected",
"version": "4.2(7l)"
},
{
"status": "affected",
"version": "3.2(10f)"
},
{
"status": "affected",
"version": "5.2(2f)"
},
{
"status": "affected",
"version": "5.2(2g)"
},
{
"status": "affected",
"version": "4.2(7q)"
},
{
"status": "affected",
"version": "5.2(2h)"
},
{
"status": "affected",
"version": "5.2(3f)"
},
{
"status": "affected",
"version": "5.2(3e)"
},
{
"status": "affected",
"version": "5.2(3g)"
},
{
"status": "affected",
"version": "4.2(7r)"
},
{
"status": "affected",
"version": "4.2(7s)"
},
{
"status": "affected",
"version": "5.2(4d)"
},
{
"status": "affected",
"version": "5.2(4e)"
},
{
"status": "affected",
"version": "4.2(7t)"
},
{
"status": "affected",
"version": "5.2(5d)"
},
{
"status": "affected",
"version": "3.2(10g)"
},
{
"status": "affected",
"version": "5.2(5c)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "4.2(7u)"
},
{
"status": "affected",
"version": "5.2(5e)"
},
{
"status": "affected",
"version": "5.2(4f)"
},
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "4.2(7v)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "4.2(7w)"
},
{
"status": "affected",
"version": "5.2(6h)"
},
{
"status": "affected",
"version": "5.2(4h)"
},
{
"status": "affected",
"version": "5.2(8d)"
},
{
"status": "affected",
"version": "6.0(2j)"
},
{
"status": "affected",
"version": "5.2(8e)"
},
{
"status": "affected",
"version": "6.0(3d)"
},
{
"status": "affected",
"version": "6.0(3e)"
},
{
"status": "affected",
"version": "5.2(8f)"
},
{
"status": "affected",
"version": "5.2(8g)"
},
{
"status": "affected",
"version": "5.3(1d)"
},
{
"status": "affected",
"version": "5.2(8h)"
},
{
"status": "affected",
"version": "6.0(4c)"
},
{
"status": "affected",
"version": "5.3(2a)"
},
{
"status": "affected",
"version": "5.2(8i)"
},
{
"status": "affected",
"version": "6.0(5h)"
},
{
"status": "affected",
"version": "5.3(2b)"
},
{
"status": "affected",
"version": "6.0(3g)"
},
{
"status": "affected",
"version": "6.0(5j)"
},
{
"status": "affected",
"version": "5.3(2c)"
},
{
"status": "affected",
"version": "6.0(6c)"
},
{
"status": "affected",
"version": "6.1(1f)"
},
{
"status": "affected",
"version": "6.0(7e)"
},
{
"status": "affected",
"version": "5.3(2d)"
},
{
"status": "affected",
"version": "6.0(8d)"
},
{
"status": "affected",
"version": "5.3(2e)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to a race condition with handling system files. An attacker could exploit this vulnerability by doing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could lead to the device being in an inconsistent state and cause a DoS condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T17:13:44.068Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-apic-multi-vulns-9ummtg5",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5"
}
],
"source": {
"advisory": "cisco-sa-apic-multi-vulns-9ummtg5",
"defects": [
"CSCwk18865"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller Authenticated Local Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20119",
"datePublished": "2025-02-26T16:23:37.170Z",
"dateReserved": "2024-10-10T19:15:13.211Z",
"dateUpdated": "2025-03-03T19:02:59.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20118 (GCVE-0-2025-20118)
Vulnerability from nvd – Published: 2025-02-26 16:23 – Updated: 2025-03-03 19:03
VLAI?
Summary
A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks.
Severity ?
4.4 (Medium)
CWE
- CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
3.2(8d)
Affected: 3.2(1m) Affected: 3.2(5e) Affected: 4.1(2m) Affected: 3.2(41d) Affected: 3.2(3s) Affected: 4.0(3c) Affected: 4.1(1k) Affected: 3.2(4d) Affected: 4.2(2e) Affected: 4.2(3j) Affected: 4.2(3n) Affected: 4.0(1h) Affected: 4.1(1l) Affected: 3.2(9f) Affected: 4.2(3l) Affected: 4.2(2g) Affected: 3.2(7k) Affected: 3.2(9b) Affected: 3.2(3j) Affected: 4.1(2u) Affected: 4.2(1l) Affected: 4.1(1a) Affected: 4.0(3d) Affected: 3.2(4e) Affected: 4.1(1i) Affected: 3.2(5f) Affected: 3.2(1l) Affected: 4.2(1i) Affected: 4.1(2o) Affected: 4.2(1g) Affected: 4.1(2g) Affected: 4.2(2f) Affected: 3.2(6i) Affected: 3.2(3i) Affected: 3.2(3n) Affected: 4.1(2x) Affected: 3.2(5d) Affected: 4.2(3q) Affected: 4.1(1j) Affected: 4.1(2w) Affected: 3.2(2o) Affected: 3.2(3r) Affected: 4.0(2c) Affected: 4.1(2s) Affected: 3.2(7f) Affected: 3.2(3o) Affected: 3.2(2l) Affected: 4.2(1j) Affected: 4.2(4i) Affected: 3.2(9h) Affected: 5.0(1k) Affected: 4.2(4k) Affected: 5.0(1l) Affected: 5.0(2e) Affected: 4.2(4o) Affected: 4.2(4p) Affected: 5.0(2h) Affected: 4.2(5k) Affected: 4.2(5l) Affected: 4.2(5n) Affected: 5.1(1h) Affected: 4.2(6d) Affected: 5.1(2e) Affected: 4.2(6g) Affected: 4.2(6h) Affected: 5.1(3e) Affected: 3.2(10e) Affected: 4.2(6l) Affected: 4.2(7f) Affected: 5.1(4c) Affected: 4.2(6o) Affected: 5.2(1g) Affected: 5.2(2e) Affected: 4.2(7l) Affected: 3.2(10f) Affected: 5.2(2f) Affected: 5.2(2g) Affected: 4.2(7q) Affected: 5.2(2h) Affected: 5.2(3f) Affected: 5.2(3e) Affected: 5.2(3g) Affected: 4.2(7r) Affected: 4.2(7s) Affected: 5.2(4d) Affected: 5.2(4e) Affected: 4.2(7t) Affected: 5.2(5d) Affected: 3.2(10g) Affected: 5.2(5c) Affected: 6.0(1g) Affected: 4.2(7u) Affected: 5.2(5e) Affected: 5.2(4f) Affected: 5.2(6e) Affected: 6.0(1j) Affected: 5.2(6g) Affected: 5.2(7f) Affected: 4.2(7v) Affected: 5.2(7g) Affected: 6.0(2h) Affected: 4.2(7w) Affected: 5.2(6h) Affected: 5.2(4h) Affected: 5.2(8d) Affected: 6.0(2j) Affected: 5.2(8e) Affected: 6.0(3d) Affected: 6.0(3e) Affected: 5.2(8f) Affected: 5.2(8g) Affected: 5.3(1d) Affected: 5.2(8h) Affected: 6.0(4c) Affected: 5.3(2a) Affected: 5.2(8i) Affected: 6.0(5h) Affected: 5.3(2b) Affected: 6.0(3g) Affected: 6.0(5j) Affected: 5.3(2c) Affected: 6.0(6c) Affected: 6.1(1f) Affected: 6.0(7e) Affected: 5.3(2d) Affected: 6.0(8d) Affected: 5.3(2e) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T17:51:08.139382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T19:03:28.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2(8d)"
},
{
"status": "affected",
"version": "3.2(1m)"
},
{
"status": "affected",
"version": "3.2(5e)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "3.2(41d)"
},
{
"status": "affected",
"version": "3.2(3s)"
},
{
"status": "affected",
"version": "4.0(3c)"
},
{
"status": "affected",
"version": "4.1(1k)"
},
{
"status": "affected",
"version": "3.2(4d)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.1(1l)"
},
{
"status": "affected",
"version": "3.2(9f)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "3.2(7k)"
},
{
"status": "affected",
"version": "3.2(9b)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.1(2u)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.0(3d)"
},
{
"status": "affected",
"version": "3.2(4e)"
},
{
"status": "affected",
"version": "4.1(1i)"
},
{
"status": "affected",
"version": "3.2(5f)"
},
{
"status": "affected",
"version": "3.2(1l)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(2o)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "3.2(6i)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(2x)"
},
{
"status": "affected",
"version": "3.2(5d)"
},
{
"status": "affected",
"version": "4.2(3q)"
},
{
"status": "affected",
"version": "4.1(1j)"
},
{
"status": "affected",
"version": "4.1(2w)"
},
{
"status": "affected",
"version": "3.2(2o)"
},
{
"status": "affected",
"version": "3.2(3r)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.1(2s)"
},
{
"status": "affected",
"version": "3.2(7f)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "3.2(2l)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(4i)"
},
{
"status": "affected",
"version": "3.2(9h)"
},
{
"status": "affected",
"version": "5.0(1k)"
},
{
"status": "affected",
"version": "4.2(4k)"
},
{
"status": "affected",
"version": "5.0(1l)"
},
{
"status": "affected",
"version": "5.0(2e)"
},
{
"status": "affected",
"version": "4.2(4o)"
},
{
"status": "affected",
"version": "4.2(4p)"
},
{
"status": "affected",
"version": "5.0(2h)"
},
{
"status": "affected",
"version": "4.2(5k)"
},
{
"status": "affected",
"version": "4.2(5l)"
},
{
"status": "affected",
"version": "4.2(5n)"
},
{
"status": "affected",
"version": "5.1(1h)"
},
{
"status": "affected",
"version": "4.2(6d)"
},
{
"status": "affected",
"version": "5.1(2e)"
},
{
"status": "affected",
"version": "4.2(6g)"
},
{
"status": "affected",
"version": "4.2(6h)"
},
{
"status": "affected",
"version": "5.1(3e)"
},
{
"status": "affected",
"version": "3.2(10e)"
},
{
"status": "affected",
"version": "4.2(6l)"
},
{
"status": "affected",
"version": "4.2(7f)"
},
{
"status": "affected",
"version": "5.1(4c)"
},
{
"status": "affected",
"version": "4.2(6o)"
},
{
"status": "affected",
"version": "5.2(1g)"
},
{
"status": "affected",
"version": "5.2(2e)"
},
{
"status": "affected",
"version": "4.2(7l)"
},
{
"status": "affected",
"version": "3.2(10f)"
},
{
"status": "affected",
"version": "5.2(2f)"
},
{
"status": "affected",
"version": "5.2(2g)"
},
{
"status": "affected",
"version": "4.2(7q)"
},
{
"status": "affected",
"version": "5.2(2h)"
},
{
"status": "affected",
"version": "5.2(3f)"
},
{
"status": "affected",
"version": "5.2(3e)"
},
{
"status": "affected",
"version": "5.2(3g)"
},
{
"status": "affected",
"version": "4.2(7r)"
},
{
"status": "affected",
"version": "4.2(7s)"
},
{
"status": "affected",
"version": "5.2(4d)"
},
{
"status": "affected",
"version": "5.2(4e)"
},
{
"status": "affected",
"version": "4.2(7t)"
},
{
"status": "affected",
"version": "5.2(5d)"
},
{
"status": "affected",
"version": "3.2(10g)"
},
{
"status": "affected",
"version": "5.2(5c)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "4.2(7u)"
},
{
"status": "affected",
"version": "5.2(5e)"
},
{
"status": "affected",
"version": "5.2(4f)"
},
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "4.2(7v)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "4.2(7w)"
},
{
"status": "affected",
"version": "5.2(6h)"
},
{
"status": "affected",
"version": "5.2(4h)"
},
{
"status": "affected",
"version": "5.2(8d)"
},
{
"status": "affected",
"version": "6.0(2j)"
},
{
"status": "affected",
"version": "5.2(8e)"
},
{
"status": "affected",
"version": "6.0(3d)"
},
{
"status": "affected",
"version": "6.0(3e)"
},
{
"status": "affected",
"version": "5.2(8f)"
},
{
"status": "affected",
"version": "5.2(8g)"
},
{
"status": "affected",
"version": "5.3(1d)"
},
{
"status": "affected",
"version": "5.2(8h)"
},
{
"status": "affected",
"version": "6.0(4c)"
},
{
"status": "affected",
"version": "5.3(2a)"
},
{
"status": "affected",
"version": "5.2(8i)"
},
{
"status": "affected",
"version": "6.0(5h)"
},
{
"status": "affected",
"version": "5.3(2b)"
},
{
"status": "affected",
"version": "6.0(3g)"
},
{
"status": "affected",
"version": "6.0(5j)"
},
{
"status": "affected",
"version": "5.3(2c)"
},
{
"status": "affected",
"version": "6.0(6c)"
},
{
"status": "affected",
"version": "6.1(1f)"
},
{
"status": "affected",
"version": "6.0(7e)"
},
{
"status": "affected",
"version": "5.3(2d)"
},
{
"status": "affected",
"version": "6.0(8d)"
},
{
"status": "affected",
"version": "5.3(2e)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T17:13:05.215Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-apic-multi-vulns-9ummtg5",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5"
}
],
"source": {
"advisory": "cisco-sa-apic-multi-vulns-9ummtg5",
"defects": [
"CSCwk18864"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller Authenticated Command Injection Due to Sensitive Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20118",
"datePublished": "2025-02-26T16:23:28.132Z",
"dateReserved": "2024-10-10T19:15:13.211Z",
"dateUpdated": "2025-03-03T19:03:28.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20117 (GCVE-0-2025-20117)
Vulnerability from nvd – Published: 2025-02-26 16:11 – Updated: 2025-02-27 15:16
VLAI?
Summary
A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.
Severity ?
5.1 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
3.2(8d)
Affected: 3.2(1m) Affected: 3.2(5e) Affected: 4.1(2m) Affected: 3.2(41d) Affected: 3.2(3s) Affected: 4.0(3c) Affected: 4.1(1k) Affected: 3.2(4d) Affected: 4.2(2e) Affected: 4.2(3j) Affected: 4.2(3n) Affected: 4.0(1h) Affected: 4.1(1l) Affected: 3.2(9f) Affected: 4.2(3l) Affected: 4.2(2g) Affected: 3.2(7k) Affected: 3.2(9b) Affected: 3.2(3j) Affected: 4.1(2u) Affected: 4.2(1l) Affected: 4.1(1a) Affected: 4.0(3d) Affected: 3.2(4e) Affected: 4.1(1i) Affected: 3.2(5f) Affected: 3.2(1l) Affected: 4.2(1i) Affected: 4.1(2o) Affected: 4.2(1g) Affected: 4.1(2g) Affected: 4.2(2f) Affected: 3.2(6i) Affected: 3.2(3i) Affected: 3.2(3n) Affected: 4.1(2x) Affected: 3.2(5d) Affected: 4.2(3q) Affected: 4.1(1j) Affected: 4.1(2w) Affected: 3.2(2o) Affected: 3.2(3r) Affected: 4.0(2c) Affected: 4.1(2s) Affected: 3.2(7f) Affected: 3.2(3o) Affected: 3.2(2l) Affected: 4.2(1j) Affected: 4.2(4i) Affected: 3.2(9h) Affected: 5.0(1k) Affected: 4.2(4k) Affected: 5.0(1l) Affected: 5.0(2e) Affected: 4.2(4o) Affected: 4.2(4p) Affected: 5.0(2h) Affected: 4.2(5k) Affected: 4.2(5l) Affected: 4.2(5n) Affected: 5.1(1h) Affected: 4.2(6d) Affected: 5.1(2e) Affected: 4.2(6g) Affected: 4.2(6h) Affected: 5.1(3e) Affected: 3.2(10e) Affected: 4.2(6l) Affected: 4.2(7f) Affected: 5.1(4c) Affected: 4.2(6o) Affected: 5.2(1g) Affected: 5.2(2e) Affected: 4.2(7l) Affected: 3.2(10f) Affected: 5.2(2f) Affected: 5.2(2g) Affected: 4.2(7q) Affected: 5.2(2h) Affected: 5.2(3f) Affected: 5.2(3e) Affected: 5.2(3g) Affected: 4.2(7r) Affected: 4.2(7s) Affected: 5.2(4d) Affected: 5.2(4e) Affected: 4.2(7t) Affected: 5.2(5d) Affected: 3.2(10g) Affected: 5.2(5c) Affected: 6.0(1g) Affected: 4.2(7u) Affected: 5.2(5e) Affected: 5.2(4f) Affected: 5.2(6e) Affected: 6.0(1j) Affected: 5.2(6g) Affected: 5.2(7f) Affected: 4.2(7v) Affected: 5.2(7g) Affected: 6.0(2h) Affected: 4.2(7w) Affected: 5.2(6h) Affected: 5.2(4h) Affected: 5.2(8d) Affected: 6.0(2j) Affected: 5.2(8e) Affected: 6.0(3d) Affected: 6.0(3e) Affected: 5.2(8f) Affected: 5.2(8g) Affected: 5.3(1d) Affected: 5.2(8h) Affected: 6.0(4c) Affected: 5.3(2a) Affected: 5.2(8i) Affected: 6.0(5h) Affected: 5.3(2b) Affected: 6.0(3g) Affected: 6.0(5j) Affected: 5.3(2c) Affected: 6.0(6c) Affected: 6.1(1f) Affected: 6.0(7e) Affected: 5.3(2d) Affected: 6.0(8d) Affected: 5.3(2e) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:47:44.354918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T15:16:53.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2(8d)"
},
{
"status": "affected",
"version": "3.2(1m)"
},
{
"status": "affected",
"version": "3.2(5e)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "3.2(41d)"
},
{
"status": "affected",
"version": "3.2(3s)"
},
{
"status": "affected",
"version": "4.0(3c)"
},
{
"status": "affected",
"version": "4.1(1k)"
},
{
"status": "affected",
"version": "3.2(4d)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.1(1l)"
},
{
"status": "affected",
"version": "3.2(9f)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "3.2(7k)"
},
{
"status": "affected",
"version": "3.2(9b)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.1(2u)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.0(3d)"
},
{
"status": "affected",
"version": "3.2(4e)"
},
{
"status": "affected",
"version": "4.1(1i)"
},
{
"status": "affected",
"version": "3.2(5f)"
},
{
"status": "affected",
"version": "3.2(1l)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(2o)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "3.2(6i)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(2x)"
},
{
"status": "affected",
"version": "3.2(5d)"
},
{
"status": "affected",
"version": "4.2(3q)"
},
{
"status": "affected",
"version": "4.1(1j)"
},
{
"status": "affected",
"version": "4.1(2w)"
},
{
"status": "affected",
"version": "3.2(2o)"
},
{
"status": "affected",
"version": "3.2(3r)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.1(2s)"
},
{
"status": "affected",
"version": "3.2(7f)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "3.2(2l)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(4i)"
},
{
"status": "affected",
"version": "3.2(9h)"
},
{
"status": "affected",
"version": "5.0(1k)"
},
{
"status": "affected",
"version": "4.2(4k)"
},
{
"status": "affected",
"version": "5.0(1l)"
},
{
"status": "affected",
"version": "5.0(2e)"
},
{
"status": "affected",
"version": "4.2(4o)"
},
{
"status": "affected",
"version": "4.2(4p)"
},
{
"status": "affected",
"version": "5.0(2h)"
},
{
"status": "affected",
"version": "4.2(5k)"
},
{
"status": "affected",
"version": "4.2(5l)"
},
{
"status": "affected",
"version": "4.2(5n)"
},
{
"status": "affected",
"version": "5.1(1h)"
},
{
"status": "affected",
"version": "4.2(6d)"
},
{
"status": "affected",
"version": "5.1(2e)"
},
{
"status": "affected",
"version": "4.2(6g)"
},
{
"status": "affected",
"version": "4.2(6h)"
},
{
"status": "affected",
"version": "5.1(3e)"
},
{
"status": "affected",
"version": "3.2(10e)"
},
{
"status": "affected",
"version": "4.2(6l)"
},
{
"status": "affected",
"version": "4.2(7f)"
},
{
"status": "affected",
"version": "5.1(4c)"
},
{
"status": "affected",
"version": "4.2(6o)"
},
{
"status": "affected",
"version": "5.2(1g)"
},
{
"status": "affected",
"version": "5.2(2e)"
},
{
"status": "affected",
"version": "4.2(7l)"
},
{
"status": "affected",
"version": "3.2(10f)"
},
{
"status": "affected",
"version": "5.2(2f)"
},
{
"status": "affected",
"version": "5.2(2g)"
},
{
"status": "affected",
"version": "4.2(7q)"
},
{
"status": "affected",
"version": "5.2(2h)"
},
{
"status": "affected",
"version": "5.2(3f)"
},
{
"status": "affected",
"version": "5.2(3e)"
},
{
"status": "affected",
"version": "5.2(3g)"
},
{
"status": "affected",
"version": "4.2(7r)"
},
{
"status": "affected",
"version": "4.2(7s)"
},
{
"status": "affected",
"version": "5.2(4d)"
},
{
"status": "affected",
"version": "5.2(4e)"
},
{
"status": "affected",
"version": "4.2(7t)"
},
{
"status": "affected",
"version": "5.2(5d)"
},
{
"status": "affected",
"version": "3.2(10g)"
},
{
"status": "affected",
"version": "5.2(5c)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "4.2(7u)"
},
{
"status": "affected",
"version": "5.2(5e)"
},
{
"status": "affected",
"version": "5.2(4f)"
},
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "4.2(7v)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "4.2(7w)"
},
{
"status": "affected",
"version": "5.2(6h)"
},
{
"status": "affected",
"version": "5.2(4h)"
},
{
"status": "affected",
"version": "5.2(8d)"
},
{
"status": "affected",
"version": "6.0(2j)"
},
{
"status": "affected",
"version": "5.2(8e)"
},
{
"status": "affected",
"version": "6.0(3d)"
},
{
"status": "affected",
"version": "6.0(3e)"
},
{
"status": "affected",
"version": "5.2(8f)"
},
{
"status": "affected",
"version": "5.2(8g)"
},
{
"status": "affected",
"version": "5.3(1d)"
},
{
"status": "affected",
"version": "5.2(8h)"
},
{
"status": "affected",
"version": "6.0(4c)"
},
{
"status": "affected",
"version": "5.3(2a)"
},
{
"status": "affected",
"version": "5.2(8i)"
},
{
"status": "affected",
"version": "6.0(5h)"
},
{
"status": "affected",
"version": "5.3(2b)"
},
{
"status": "affected",
"version": "6.0(3g)"
},
{
"status": "affected",
"version": "6.0(5j)"
},
{
"status": "affected",
"version": "5.3(2c)"
},
{
"status": "affected",
"version": "6.0(6c)"
},
{
"status": "affected",
"version": "6.1(1f)"
},
{
"status": "affected",
"version": "6.0(7e)"
},
{
"status": "affected",
"version": "5.3(2d)"
},
{
"status": "affected",
"version": "6.0(8d)"
},
{
"status": "affected",
"version": "5.3(2e)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root\u0026nbsp;on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:11:26.187Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-apic-multi-vulns-9ummtg5",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5"
}
],
"source": {
"advisory": "cisco-sa-apic-multi-vulns-9ummtg5",
"defects": [
"CSCwk18862"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller Authenticated Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20117",
"datePublished": "2025-02-26T16:11:26.187Z",
"dateReserved": "2024-10-10T19:15:13.210Z",
"dateUpdated": "2025-02-27T15:16:53.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20116 (GCVE-0-2025-20116)
Vulnerability from nvd – Published: 2025-02-26 16:11 – Updated: 2025-02-27 15:10
VLAI?
Summary
A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
3.2(8d)
Affected: 3.2(1m) Affected: 3.2(5e) Affected: 4.1(2m) Affected: 3.2(41d) Affected: 3.2(3s) Affected: 4.0(3c) Affected: 4.1(1k) Affected: 3.2(4d) Affected: 4.2(2e) Affected: 4.2(3j) Affected: 4.2(3n) Affected: 4.0(1h) Affected: 4.1(1l) Affected: 3.2(9f) Affected: 4.2(3l) Affected: 4.2(2g) Affected: 3.2(7k) Affected: 3.2(9b) Affected: 3.2(3j) Affected: 4.1(2u) Affected: 4.2(1l) Affected: 4.1(1a) Affected: 4.0(3d) Affected: 3.2(4e) Affected: 4.1(1i) Affected: 3.2(5f) Affected: 3.2(1l) Affected: 4.2(1i) Affected: 4.1(2o) Affected: 4.2(1g) Affected: 4.1(2g) Affected: 4.2(2f) Affected: 3.2(6i) Affected: 3.2(3i) Affected: 3.2(3n) Affected: 4.1(2x) Affected: 3.2(5d) Affected: 4.2(3q) Affected: 4.1(1j) Affected: 4.1(2w) Affected: 3.2(2o) Affected: 3.2(3r) Affected: 4.0(2c) Affected: 4.1(2s) Affected: 3.2(7f) Affected: 3.2(3o) Affected: 3.2(2l) Affected: 4.2(1j) Affected: 4.2(4i) Affected: 3.2(9h) Affected: 5.0(1k) Affected: 4.2(4k) Affected: 5.0(1l) Affected: 5.0(2e) Affected: 4.2(4o) Affected: 4.2(4p) Affected: 5.0(2h) Affected: 4.2(5k) Affected: 4.2(5l) Affected: 4.2(5n) Affected: 5.1(1h) Affected: 4.2(6d) Affected: 5.1(2e) Affected: 4.2(6g) Affected: 4.2(6h) Affected: 5.1(3e) Affected: 3.2(10e) Affected: 4.2(6l) Affected: 4.2(7f) Affected: 5.1(4c) Affected: 4.2(6o) Affected: 5.2(1g) Affected: 5.2(2e) Affected: 4.2(7l) Affected: 3.2(10f) Affected: 5.2(2f) Affected: 5.2(2g) Affected: 4.2(7q) Affected: 5.2(2h) Affected: 5.2(3f) Affected: 5.2(3e) Affected: 5.2(3g) Affected: 4.2(7r) Affected: 4.2(7s) Affected: 5.2(4d) Affected: 5.2(4e) Affected: 4.2(7t) Affected: 5.2(5d) Affected: 3.2(10g) Affected: 5.2(5c) Affected: 6.0(1g) Affected: 4.2(7u) Affected: 5.2(5e) Affected: 5.2(4f) Affected: 5.2(6e) Affected: 6.0(1j) Affected: 5.2(6g) Affected: 5.2(7f) Affected: 4.2(7v) Affected: 5.2(7g) Affected: 6.0(2h) Affected: 4.2(7w) Affected: 5.2(6h) Affected: 5.2(4h) Affected: 5.2(8d) Affected: 6.0(2j) Affected: 5.2(8e) Affected: 6.0(3d) Affected: 6.0(3e) Affected: 5.2(8f) Affected: 5.2(8g) Affected: 5.3(1d) Affected: 5.2(8h) Affected: 6.0(4c) Affected: 5.3(2a) Affected: 5.2(8i) Affected: 6.0(5h) Affected: 5.3(2b) Affected: 6.0(3g) Affected: 6.0(5j) Affected: 5.3(2c) Affected: 6.0(6c) Affected: 6.1(1f) Affected: 6.0(7e) Affected: 5.3(2d) Affected: 6.0(8d) Affected: 5.3(2e) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20116",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:49:28.397648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T15:10:56.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2(8d)"
},
{
"status": "affected",
"version": "3.2(1m)"
},
{
"status": "affected",
"version": "3.2(5e)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "3.2(41d)"
},
{
"status": "affected",
"version": "3.2(3s)"
},
{
"status": "affected",
"version": "4.0(3c)"
},
{
"status": "affected",
"version": "4.1(1k)"
},
{
"status": "affected",
"version": "3.2(4d)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.1(1l)"
},
{
"status": "affected",
"version": "3.2(9f)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "3.2(7k)"
},
{
"status": "affected",
"version": "3.2(9b)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "4.1(2u)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.0(3d)"
},
{
"status": "affected",
"version": "3.2(4e)"
},
{
"status": "affected",
"version": "4.1(1i)"
},
{
"status": "affected",
"version": "3.2(5f)"
},
{
"status": "affected",
"version": "3.2(1l)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(2o)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "3.2(6i)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "4.1(2x)"
},
{
"status": "affected",
"version": "3.2(5d)"
},
{
"status": "affected",
"version": "4.2(3q)"
},
{
"status": "affected",
"version": "4.1(1j)"
},
{
"status": "affected",
"version": "4.1(2w)"
},
{
"status": "affected",
"version": "3.2(2o)"
},
{
"status": "affected",
"version": "3.2(3r)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.1(2s)"
},
{
"status": "affected",
"version": "3.2(7f)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "3.2(2l)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(4i)"
},
{
"status": "affected",
"version": "3.2(9h)"
},
{
"status": "affected",
"version": "5.0(1k)"
},
{
"status": "affected",
"version": "4.2(4k)"
},
{
"status": "affected",
"version": "5.0(1l)"
},
{
"status": "affected",
"version": "5.0(2e)"
},
{
"status": "affected",
"version": "4.2(4o)"
},
{
"status": "affected",
"version": "4.2(4p)"
},
{
"status": "affected",
"version": "5.0(2h)"
},
{
"status": "affected",
"version": "4.2(5k)"
},
{
"status": "affected",
"version": "4.2(5l)"
},
{
"status": "affected",
"version": "4.2(5n)"
},
{
"status": "affected",
"version": "5.1(1h)"
},
{
"status": "affected",
"version": "4.2(6d)"
},
{
"status": "affected",
"version": "5.1(2e)"
},
{
"status": "affected",
"version": "4.2(6g)"
},
{
"status": "affected",
"version": "4.2(6h)"
},
{
"status": "affected",
"version": "5.1(3e)"
},
{
"status": "affected",
"version": "3.2(10e)"
},
{
"status": "affected",
"version": "4.2(6l)"
},
{
"status": "affected",
"version": "4.2(7f)"
},
{
"status": "affected",
"version": "5.1(4c)"
},
{
"status": "affected",
"version": "4.2(6o)"
},
{
"status": "affected",
"version": "5.2(1g)"
},
{
"status": "affected",
"version": "5.2(2e)"
},
{
"status": "affected",
"version": "4.2(7l)"
},
{
"status": "affected",
"version": "3.2(10f)"
},
{
"status": "affected",
"version": "5.2(2f)"
},
{
"status": "affected",
"version": "5.2(2g)"
},
{
"status": "affected",
"version": "4.2(7q)"
},
{
"status": "affected",
"version": "5.2(2h)"
},
{
"status": "affected",
"version": "5.2(3f)"
},
{
"status": "affected",
"version": "5.2(3e)"
},
{
"status": "affected",
"version": "5.2(3g)"
},
{
"status": "affected",
"version": "4.2(7r)"
},
{
"status": "affected",
"version": "4.2(7s)"
},
{
"status": "affected",
"version": "5.2(4d)"
},
{
"status": "affected",
"version": "5.2(4e)"
},
{
"status": "affected",
"version": "4.2(7t)"
},
{
"status": "affected",
"version": "5.2(5d)"
},
{
"status": "affected",
"version": "3.2(10g)"
},
{
"status": "affected",
"version": "5.2(5c)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "4.2(7u)"
},
{
"status": "affected",
"version": "5.2(5e)"
},
{
"status": "affected",
"version": "5.2(4f)"
},
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "4.2(7v)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "4.2(7w)"
},
{
"status": "affected",
"version": "5.2(6h)"
},
{
"status": "affected",
"version": "5.2(4h)"
},
{
"status": "affected",
"version": "5.2(8d)"
},
{
"status": "affected",
"version": "6.0(2j)"
},
{
"status": "affected",
"version": "5.2(8e)"
},
{
"status": "affected",
"version": "6.0(3d)"
},
{
"status": "affected",
"version": "6.0(3e)"
},
{
"status": "affected",
"version": "5.2(8f)"
},
{
"status": "affected",
"version": "5.2(8g)"
},
{
"status": "affected",
"version": "5.3(1d)"
},
{
"status": "affected",
"version": "5.2(8h)"
},
{
"status": "affected",
"version": "6.0(4c)"
},
{
"status": "affected",
"version": "5.3(2a)"
},
{
"status": "affected",
"version": "5.2(8i)"
},
{
"status": "affected",
"version": "6.0(5h)"
},
{
"status": "affected",
"version": "5.3(2b)"
},
{
"status": "affected",
"version": "6.0(3g)"
},
{
"status": "affected",
"version": "6.0(5j)"
},
{
"status": "affected",
"version": "5.3(2c)"
},
{
"status": "affected",
"version": "6.0(6c)"
},
{
"status": "affected",
"version": "6.1(1f)"
},
{
"status": "affected",
"version": "6.0(7e)"
},
{
"status": "affected",
"version": "5.3(2d)"
},
{
"status": "affected",
"version": "6.0(8d)"
},
{
"status": "affected",
"version": "5.3(2e)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:11:17.385Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-apic-multi-vulns-9ummtg5",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5"
}
],
"source": {
"advisory": "cisco-sa-apic-multi-vulns-9ummtg5",
"defects": [
"CSCwk18863"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20116",
"datePublished": "2025-02-26T16:11:17.385Z",
"dateReserved": "2024-10-10T19:15:13.210Z",
"dateUpdated": "2025-02-27T15:10:56.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20478 (GCVE-0-2024-20478)
Vulnerability from nvd – Published: 2024-08-28 16:30 – Updated: 2024-09-06 14:11
VLAI?
Summary
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system.
This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root.
Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller.
Severity ?
6.5 (Medium)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
3.2(8d)
Affected: 2.2(1o) Affected: 1.2(2h) Affected: 2.2(2i) Affected: 1.2(1k) Affected: 2.2(1k) Affected: 3.1(2m) Affected: 3.2(1m) Affected: 3.2(5e) Affected: 4.1(2m) Affected: 3.2(41d) Affected: 1.1(1o) Affected: 1.2(1m) Affected: 1.2(2j) Affected: 2.2(4r) Affected: 2.2(3j) Affected: 1.1(3f) Affected: 2.2(2f) Affected: 1.1(4m) Affected: 2.2(2k) Affected: 2.1(1i) Affected: 2.0(1p) Affected: 3.1(2p) Affected: 3.2(3s) Affected: 4.0(3c) Affected: 1.1(4e) Affected: 4.1(1k) Affected: 2.2(4f) Affected: 2.1(3h) Affected: 3.2(4d) Affected: 2.0(1n) Affected: 2.0(1m) Affected: 2.0(1r) Affected: 2.1(2e) Affected: 4.2(2e) Affected: 4.2(3j) Affected: 4.2(3n) Affected: 2.0(1l) Affected: 2.2(2e) Affected: 2.2(3r) Affected: 3.0(2k) Affected: 2.1(3g) Affected: 4.0(1h) Affected: 2.0(1o) Affected: 2.2(3p) Affected: 1.2(3e) Affected: 2.2(3s) Affected: 2.0(2g) Affected: 4.1(1l) Affected: 3.2(9f) Affected: 4.2(3l) Affected: 4.2(2g) Affected: 1.2(3c) Affected: 3.2(7k) Affected: 1.3(2h) Affected: 3.2(9b) Affected: 1.3(2k) Affected: 3.1(2t) Affected: 1.1(2h) Affected: 3.2(3j) Affected: 2.1(2k) Affected: 2.3(1f) Affected: 1.2(3h) Affected: 3.0(1i) Affected: 4.1(2u) Affected: 4.2(1l) Affected: 4.1(1a) Affected: 4.0(3d) Affected: 1.1(4l) Affected: 2.3(1i) Affected: 3.1(2q) Affected: 3.2(4e) Affected: 4.1(1i) Affected: 3.1(1i) Affected: 2.0(2m) Affected: 3.0(2h) Affected: 2.2(2q) Affected: 2.3(1l) Affected: 1.3(1h) Affected: 3.0(2n) Affected: 3.2(5f) Affected: 1.2(1h) Affected: 3.2(1l) Affected: 4.2(1i) Affected: 4.1(2o) Affected: 1.2(1i) Affected: 1.3(1j) Affected: 2.1(1h) Affected: 2.0(2l) Affected: 2.0(2h) Affected: 1.2(2g) Affected: 3.0(1k) Affected: 4.2(1g) Affected: 2.1(2g) Affected: 2.0(1q) Affected: 1.1(1j) Affected: 4.1(2g) Affected: 1.1(1r) Affected: 4.2(2f) Affected: 3.2(6i) Affected: 1.3(1g) Affected: 1.3(2j) Affected: 1.3(2i) Affected: 2.0(2o) Affected: 2.2(4q) Affected: 2.3(1o) Affected: 3.2(3i) Affected: 2.2(2j) Affected: 1.1(1d) Affected: 2.0(2n) Affected: 2.2(3t) Affected: 3.2(3n) Affected: 1.1(4g) Affected: 4.1(2x) Affected: 3.2(5d) Affected: 3.1(2o) Affected: 1.2(2i) Affected: 2.1(2f) Affected: 1.3(2f) Affected: 4.2(3q) Affected: 4.1(1j) Affected: 2.0(2f) Affected: 2.3(1e) Affected: 1.1(1s) Affected: 3.1(2v) Affected: 4.1(2w) Affected: 1.1(4i) Affected: 3.1(2u) Affected: 1.1(4f) Affected: 3.0(2m) Affected: 2.0(1k) Affected: 3.2(2o) Affected: 3.2(3r) Affected: 1.1(2i) Affected: 4.0(2c) Affected: 1.3(1i) Affected: 4.1(2s) Affected: 3.2(7f) Affected: 1.2(3m) Affected: 3.2(3o) Affected: 3.1(2s) Affected: 3.2(2l) Affected: 4.2(1j) Affected: 2.3(1p) Affected: 2.1(4a) Affected: 1.1(1n) Affected: 2.2(1n) Affected: 2.2(4p) Affected: 2.1(3j) Affected: 4.2(4i) Affected: 3.2(9h) Affected: 5.0(1k) Affected: 4.2(4k) Affected: 5.0(1l) Affected: 5.0(2e) Affected: 4.2(4o) Affected: 4.2(4p) Affected: 5.0(2h) Affected: 4.2(5k) Affected: 4.2(5l) Affected: 4.2(5n) Affected: 5.1(1h) Affected: 4.2(6d) Affected: 5.1(2e) Affected: 4.2(6g) Affected: 4.2(6h) Affected: 5.1(3e) Affected: 3.2(10e) Affected: 4.2(6l) Affected: 4.2(7f) Affected: 5.1(4c) Affected: 4.2(6o) Affected: 5.2(1g) Affected: 5.2(2e) Affected: 4.2(7l) Affected: 3.2(10f) Affected: 5.2(2f) Affected: 5.2(2g) Affected: 4.2(7q) Affected: 5.2(2h) Affected: 5.2(3f) Affected: 5.2(3e) Affected: 5.2(3g) Affected: 4.2(7r) Affected: 4.2(7s) Affected: 5.2(4d) Affected: 5.2(4e) Affected: 4.2(7t) Affected: 5.2(5d) Affected: 3.2(10g) Affected: 5.2(5c) Affected: 6.0(1g) Affected: 4.2(7u) Affected: 5.2(5e) Affected: 5.2(4f) Affected: 5.2(6e) Affected: 6.0(1j) Affected: 5.2(6g) Affected: 5.2(7f) Affected: 4.2(7v) Affected: 5.2(7g) Affected: 6.0(2h) Affected: 4.2(7w) Affected: 5.2(6h) Affected: 5.2(4h) Affected: 5.2(8d) Affected: 6.0(2j) Affected: 5.2(8e) Affected: 6.0(3d) Affected: 6.0(3e) Affected: 5.2(8f) Affected: 5.2(8g) Affected: 5.3(1d) Affected: 5.2(8h) Affected: 6.0(4c) Affected: 5.3(2a) Affected: 5.2(8i) Affected: 6.0(5h) Affected: 5.3(2b) Affected: 6.0(3g) Affected: 6.0(5j) Affected: 5.3(2c) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(8d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(41d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4r\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(3f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1p\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2p\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3s\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3c\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1r\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3r\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(1h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3p\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3s\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3c\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9b\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2t\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2u\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1a\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2q\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2q\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(1h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(1k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1q\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1r\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(6i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4q\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3t\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2x\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3q\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1s\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2v\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2w\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2u\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3r\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(2i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(2c\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2s\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3m\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2s\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1p\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(4a\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4p\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4p\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5k\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5n\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(1h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(2e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(3e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(4c\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6o\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(1g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7l\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7q\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7r\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7s\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7t\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5c\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7u\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7v\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7w\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3e\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8f\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(1d\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(4c\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2a\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8i\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5h\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2b\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3g\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5j\\):*:*:*:*:*:*:*",
"cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2c\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "application_policy_infrastructure_controller",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "3.2\\(8d\\)"
},
{
"status": "affected",
"version": "2.2\\(1o\\)"
},
{
"status": "affected",
"version": "1.2\\(2h\\)"
},
{
"status": "affected",
"version": "2.2\\(2i\\)"
},
{
"status": "affected",
"version": "1.2\\(1k\\)"
},
{
"status": "affected",
"version": "2.2\\(1k\\)"
},
{
"status": "affected",
"version": "3.1\\(2m\\)"
},
{
"status": "affected",
"version": "3.2\\(1m\\)"
},
{
"status": "affected",
"version": "3.2\\(5e\\)"
},
{
"status": "affected",
"version": "4.1\\(2m\\)"
},
{
"status": "affected",
"version": "3.2\\(41d\\)"
},
{
"status": "affected",
"version": "1.1\\(1o\\)"
},
{
"status": "affected",
"version": "1.2\\(1m\\)"
},
{
"status": "affected",
"version": "1.2\\(2j\\)"
},
{
"status": "affected",
"version": "2.2\\(4r\\)"
},
{
"status": "affected",
"version": "2.2\\(3j\\)"
},
{
"status": "affected",
"version": "1.1\\(3f\\)"
},
{
"status": "affected",
"version": "2.2\\(2f\\)"
},
{
"status": "affected",
"version": "1.1\\(4m\\)"
},
{
"status": "affected",
"version": "2.2\\(2k\\)"
},
{
"status": "affected",
"version": "2.1\\(1i\\)"
},
{
"status": "affected",
"version": "2.0\\(1p\\)"
},
{
"status": "affected",
"version": "3.1\\(2p\\)"
},
{
"status": "affected",
"version": "3.2\\(3s\\)"
},
{
"status": "affected",
"version": "4.0\\(3c\\)"
},
{
"status": "affected",
"version": "1.1\\(4e\\)"
},
{
"status": "affected",
"version": "4.1\\(1k\\)"
},
{
"status": "affected",
"version": "2.2\\(4f\\)"
},
{
"status": "affected",
"version": "2.1\\(3h\\)"
},
{
"status": "affected",
"version": "3.2\\(4d\\)"
},
{
"status": "affected",
"version": "2.0\\(1n\\)"
},
{
"status": "affected",
"version": "2.0\\(1m\\)"
},
{
"status": "affected",
"version": "2.0\\(1r\\)"
},
{
"status": "affected",
"version": "2.1\\(2e\\)"
},
{
"status": "affected",
"version": "4.2\\(2e\\)"
},
{
"status": "affected",
"version": "4.2\\(3j\\)"
},
{
"status": "affected",
"version": "4.2\\(3n\\)"
},
{
"status": "affected",
"version": "2.0\\(1l\\)"
},
{
"status": "affected",
"version": "2.2\\(2e\\)"
},
{
"status": "affected",
"version": "2.2\\(3r\\)"
},
{
"status": "affected",
"version": "3.0\\(2k\\)"
},
{
"status": "affected",
"version": "2.1\\(3g\\)"
},
{
"status": "affected",
"version": "4.0\\(1h\\)"
},
{
"status": "affected",
"version": "2.0\\(1o\\)"
},
{
"status": "affected",
"version": "2.2\\(3p\\)"
},
{
"status": "affected",
"version": "1.2\\(3e\\)"
},
{
"status": "affected",
"version": "2.2\\(3s\\)"
},
{
"status": "affected",
"version": "2.0\\(2g\\)"
},
{
"status": "affected",
"version": "4.1\\(1l\\)"
},
{
"status": "affected",
"version": "3.2\\(9f\\)"
},
{
"status": "affected",
"version": "4.2\\(3l\\)"
},
{
"status": "affected",
"version": "4.2\\(2g\\)"
},
{
"status": "affected",
"version": "1.2\\(3c\\)"
},
{
"status": "affected",
"version": "3.2\\(7k\\)"
},
{
"status": "affected",
"version": "1.3\\(2h\\)"
},
{
"status": "affected",
"version": "3.2\\(9b\\)"
},
{
"status": "affected",
"version": "1.3\\(2k\\)"
},
{
"status": "affected",
"version": "3.1\\(2t\\)"
},
{
"status": "affected",
"version": "1.1\\(2h\\)"
},
{
"status": "affected",
"version": "3.2\\(3j\\)"
},
{
"status": "affected",
"version": "2.1\\(2k\\)"
},
{
"status": "affected",
"version": "2.3\\(1f\\)"
},
{
"status": "affected",
"version": "1.2\\(3h\\)"
},
{
"status": "affected",
"version": "3.0\\(1i\\)"
},
{
"status": "affected",
"version": "4.1\\(2u\\)"
},
{
"status": "affected",
"version": "4.2\\(1l\\)"
},
{
"status": "affected",
"version": "4.1\\(1a\\)"
},
{
"status": "affected",
"version": "4.0\\(3d\\)"
},
{
"status": "affected",
"version": "1.1\\(4l\\)"
},
{
"status": "affected",
"version": "2.3\\(1i\\)"
},
{
"status": "affected",
"version": "3.1\\(2q\\)"
},
{
"status": "affected",
"version": "3.2\\(4e\\)"
},
{
"status": "affected",
"version": "4.1\\(1i\\)"
},
{
"status": "affected",
"version": "3.1\\(1i\\)"
},
{
"status": "affected",
"version": "2.0\\(2m\\)"
},
{
"status": "affected",
"version": "3.0\\(2h\\)"
},
{
"status": "affected",
"version": "2.2\\(2q\\)"
},
{
"status": "affected",
"version": "2.3\\(1l\\)"
},
{
"status": "affected",
"version": "1.3\\(1h\\)"
},
{
"status": "affected",
"version": "3.0\\(2n\\)"
},
{
"status": "affected",
"version": "3.2\\(5f\\)"
},
{
"status": "affected",
"version": "1.2\\(1h\\)"
},
{
"status": "affected",
"version": "3.2\\(1l\\)"
},
{
"status": "affected",
"version": "4.2\\(1i\\)"
},
{
"status": "affected",
"version": "4.1\\(2o\\)"
},
{
"status": "affected",
"version": "1.2\\(1i\\)"
},
{
"status": "affected",
"version": "1.3\\(1j\\)"
},
{
"status": "affected",
"version": "2.1\\(1h\\)"
},
{
"status": "affected",
"version": "2.0\\(2l\\)"
},
{
"status": "affected",
"version": "2.0\\(2h\\)"
},
{
"status": "affected",
"version": "1.2\\(2g\\)"
},
{
"status": "affected",
"version": "3.0\\(1k\\)"
},
{
"status": "affected",
"version": "4.2\\(1g\\)"
},
{
"status": "affected",
"version": "2.1\\(2g\\)"
},
{
"status": "affected",
"version": "2.0\\(1q\\)"
},
{
"status": "affected",
"version": "1.1\\(1j\\)"
},
{
"status": "affected",
"version": "4.1\\(2g\\)"
},
{
"status": "affected",
"version": "1.1\\(1r\\)"
},
{
"status": "affected",
"version": "4.2\\(2f\\)"
},
{
"status": "affected",
"version": "3.2\\(6i\\)"
},
{
"status": "affected",
"version": "1.3\\(1g\\)"
},
{
"status": "affected",
"version": "1.3\\(2j\\)"
},
{
"status": "affected",
"version": "1.3\\(2i\\)"
},
{
"status": "affected",
"version": "2.0\\(2o\\)"
},
{
"status": "affected",
"version": "2.2\\(4q\\)"
},
{
"status": "affected",
"version": "2.3\\(1o\\)"
},
{
"status": "affected",
"version": "3.2\\(3i\\)"
},
{
"status": "affected",
"version": "2.2\\(2j\\)"
},
{
"status": "affected",
"version": "1.1\\(1d\\)"
},
{
"status": "affected",
"version": "2.0\\(2n\\)"
},
{
"status": "affected",
"version": "2.2\\(3t\\)"
},
{
"status": "affected",
"version": "3.2\\(3n\\)"
},
{
"status": "affected",
"version": "1.1\\(4g\\)"
},
{
"status": "affected",
"version": "4.1\\(2x\\)"
},
{
"status": "affected",
"version": "3.2\\(5d\\)"
},
{
"status": "affected",
"version": "3.1\\(2o\\)"
},
{
"status": "affected",
"version": "1.2\\(2i\\)"
},
{
"status": "affected",
"version": "2.1\\(2f\\)"
},
{
"status": "affected",
"version": "1.3\\(2f\\)"
},
{
"status": "affected",
"version": "4.2\\(3q\\)"
},
{
"status": "affected",
"version": "4.1\\(1j\\)"
},
{
"status": "affected",
"version": "2.0\\(2f\\)"
},
{
"status": "affected",
"version": "2.3\\(1e\\)"
},
{
"status": "affected",
"version": "1.1\\(1s\\)"
},
{
"status": "affected",
"version": "3.1\\(2v\\)"
},
{
"status": "affected",
"version": "4.1\\(2w\\)"
},
{
"status": "affected",
"version": "1.1\\(4i\\)"
},
{
"status": "affected",
"version": "3.1\\(2u\\)"
},
{
"status": "affected",
"version": "1.1\\(4f\\)"
},
{
"status": "affected",
"version": "3.0\\(2m\\)"
},
{
"status": "affected",
"version": "2.0\\(1k\\)"
},
{
"status": "affected",
"version": "3.2\\(2o\\)"
},
{
"status": "affected",
"version": "3.2\\(3r\\)"
},
{
"status": "affected",
"version": "1.1\\(2i\\)"
},
{
"status": "affected",
"version": "4.0\\(2c\\)"
},
{
"status": "affected",
"version": "1.3\\(1i\\)"
},
{
"status": "affected",
"version": "4.1\\(2s\\)"
},
{
"status": "affected",
"version": "3.2\\(7f\\)"
},
{
"status": "affected",
"version": "1.2\\(3m\\)"
},
{
"status": "affected",
"version": "3.2\\(3o\\)"
},
{
"status": "affected",
"version": "3.1\\(2s\\)"
},
{
"status": "affected",
"version": "3.2\\(2l\\)"
},
{
"status": "affected",
"version": "4.2\\(1j\\)"
},
{
"status": "affected",
"version": "2.3\\(1p\\)"
},
{
"status": "affected",
"version": "2.1\\(4a\\)"
},
{
"status": "affected",
"version": "1.1\\(1n\\)"
},
{
"status": "affected",
"version": "2.2\\(1n\\)"
},
{
"status": "affected",
"version": "2.2\\(4p\\)"
},
{
"status": "affected",
"version": "2.1\\(3j\\)"
},
{
"status": "affected",
"version": "4.2\\(4i\\)"
},
{
"status": "affected",
"version": "3.2\\(9h\\)"
},
{
"status": "affected",
"version": "5.0\\(1k\\)"
},
{
"status": "affected",
"version": "4.2\\(4k\\)"
},
{
"status": "affected",
"version": "5.0\\(1l\\)"
},
{
"status": "affected",
"version": "5.0\\(2e\\)"
},
{
"status": "affected",
"version": "4.2\\(4o\\)"
},
{
"status": "affected",
"version": "4.2\\(4p\\)"
},
{
"status": "affected",
"version": "5.0\\(2h\\)"
},
{
"status": "affected",
"version": "4.2\\(5k\\)"
},
{
"status": "affected",
"version": "4.2\\(5l\\)"
},
{
"status": "affected",
"version": "4.2\\(5n\\)"
},
{
"status": "affected",
"version": "5.1\\(1h\\)"
},
{
"status": "affected",
"version": "4.2\\(6d\\)"
},
{
"status": "affected",
"version": "5.1\\(2e\\)"
},
{
"status": "affected",
"version": "4.2\\(6g\\)"
},
{
"status": "affected",
"version": "4.2\\(6h\\)"
},
{
"status": "affected",
"version": "5.1\\(3e\\)"
},
{
"status": "affected",
"version": "3.2\\(10e\\)"
},
{
"status": "affected",
"version": "4.2\\(6l\\)"
},
{
"status": "affected",
"version": "4.2\\(7f\\)"
},
{
"status": "affected",
"version": "5.1\\(4c\\)"
},
{
"status": "affected",
"version": "4.2\\(6o\\)"
},
{
"status": "affected",
"version": "5.2\\(1g\\)"
},
{
"status": "affected",
"version": "5.2\\(2e\\)"
},
{
"status": "affected",
"version": "4.2\\(7l\\)"
},
{
"status": "affected",
"version": "3.2\\(10f\\)"
},
{
"status": "affected",
"version": "5.2\\(2f\\)"
},
{
"status": "affected",
"version": "5.2\\(2g\\)"
},
{
"status": "affected",
"version": "4.2\\(7q\\)"
},
{
"status": "affected",
"version": "5.2\\(2h\\)"
},
{
"status": "affected",
"version": "5.2\\(3f\\)"
},
{
"status": "affected",
"version": "5.2\\(3e\\)"
},
{
"status": "affected",
"version": "5.2\\(3g\\)"
},
{
"status": "affected",
"version": "4.2\\(7r\\)"
},
{
"status": "affected",
"version": "4.2\\(7s\\)"
},
{
"status": "affected",
"version": "5.2\\(4d\\)"
},
{
"status": "affected",
"version": "5.2\\(4e\\)"
},
{
"status": "affected",
"version": "4.2\\(7t\\)"
},
{
"status": "affected",
"version": "5.2\\(5d\\)"
},
{
"status": "affected",
"version": "3.2\\(10g\\)"
},
{
"status": "affected",
"version": "5.2\\(5c\\)"
},
{
"status": "affected",
"version": "6.0\\(1g\\)"
},
{
"status": "affected",
"version": "4.2\\(7u\\)"
},
{
"status": "affected",
"version": "5.2\\(5e\\)"
},
{
"status": "affected",
"version": "5.2\\(4f\\)"
},
{
"status": "affected",
"version": "5.2\\(6e\\)"
},
{
"status": "affected",
"version": "6.0\\(1j\\)"
},
{
"status": "affected",
"version": "5.2\\(6g\\)"
},
{
"status": "affected",
"version": "5.2\\(7f\\)"
},
{
"status": "affected",
"version": "4.2\\(7v\\)"
},
{
"status": "affected",
"version": "5.2\\(7g\\)"
},
{
"status": "affected",
"version": "6.0\\(2h\\)"
},
{
"status": "affected",
"version": "4.2\\(7w\\)"
},
{
"status": "affected",
"version": "5.2\\(6h\\)"
},
{
"status": "affected",
"version": "5.2\\(4h\\)"
},
{
"status": "affected",
"version": "5.2\\(8d\\)"
},
{
"status": "affected",
"version": "6.0\\(2j\\)"
},
{
"status": "affected",
"version": "5.2\\(8e\\)"
},
{
"status": "affected",
"version": "6.0\\(3d\\)"
},
{
"status": "affected",
"version": "6.0\\(3e\\)"
},
{
"status": "affected",
"version": "5.2\\(8f\\)"
},
{
"status": "affected",
"version": "5.2\\(8g\\)"
},
{
"status": "affected",
"version": "5.3\\(1d\\)"
},
{
"status": "affected",
"version": "5.2\\(8h\\)"
},
{
"status": "affected",
"version": "6.0\\(4c\\)"
},
{
"status": "affected",
"version": "5.3\\(2a\\)"
},
{
"status": "affected",
"version": "5.2\\(8i\\)"
},
{
"status": "affected",
"version": "6.0\\(5h\\)"
},
{
"status": "affected",
"version": "5.3\\(2b\\)"
},
{
"status": "affected",
"version": "6.0\\(3g\\)"
},
{
"status": "affected",
"version": "6.0\\(5j\\)"
},
{
"status": "affected",
"version": "5.3\\(2c\\)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T03:56:06.255702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T14:11:08.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2(8d)"
},
{
"status": "affected",
"version": "2.2(1o)"
},
{
"status": "affected",
"version": "1.2(2h)"
},
{
"status": "affected",
"version": "2.2(2i)"
},
{
"status": "affected",
"version": "1.2(1k)"
},
{
"status": "affected",
"version": "2.2(1k)"
},
{
"status": "affected",
"version": "3.1(2m)"
},
{
"status": "affected",
"version": "3.2(1m)"
},
{
"status": "affected",
"version": "3.2(5e)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "3.2(41d)"
},
{
"status": "affected",
"version": "1.1(1o)"
},
{
"status": "affected",
"version": "1.2(1m)"
},
{
"status": "affected",
"version": "1.2(2j)"
},
{
"status": "affected",
"version": "2.2(4r)"
},
{
"status": "affected",
"version": "2.2(3j)"
},
{
"status": "affected",
"version": "1.1(3f)"
},
{
"status": "affected",
"version": "2.2(2f)"
},
{
"status": "affected",
"version": "1.1(4m)"
},
{
"status": "affected",
"version": "2.2(2k)"
},
{
"status": "affected",
"version": "2.1(1i)"
},
{
"status": "affected",
"version": "2.0(1p)"
},
{
"status": "affected",
"version": "3.1(2p)"
},
{
"status": "affected",
"version": "3.2(3s)"
},
{
"status": "affected",
"version": "4.0(3c)"
},
{
"status": "affected",
"version": "1.1(4e)"
},
{
"status": "affected",
"version": "4.1(1k)"
},
{
"status": "affected",
"version": "2.2(4f)"
},
{
"status": "affected",
"version": "2.1(3h)"
},
{
"status": "affected",
"version": "3.2(4d)"
},
{
"status": "affected",
"version": "2.0(1n)"
},
{
"status": "affected",
"version": "2.0(1m)"
},
{
"status": "affected",
"version": "2.0(1r)"
},
{
"status": "affected",
"version": "2.1(2e)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "2.0(1l)"
},
{
"status": "affected",
"version": "2.2(2e)"
},
{
"status": "affected",
"version": "2.2(3r)"
},
{
"status": "affected",
"version": "3.0(2k)"
},
{
"status": "affected",
"version": "2.1(3g)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "2.0(1o)"
},
{
"status": "affected",
"version": "2.2(3p)"
},
{
"status": "affected",
"version": "1.2(3e)"
},
{
"status": "affected",
"version": "2.2(3s)"
},
{
"status": "affected",
"version": "2.0(2g)"
},
{
"status": "affected",
"version": "4.1(1l)"
},
{
"status": "affected",
"version": "3.2(9f)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "1.2(3c)"
},
{
"status": "affected",
"version": "3.2(7k)"
},
{
"status": "affected",
"version": "1.3(2h)"
},
{
"status": "affected",
"version": "3.2(9b)"
},
{
"status": "affected",
"version": "1.3(2k)"
},
{
"status": "affected",
"version": "3.1(2t)"
},
{
"status": "affected",
"version": "1.1(2h)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "2.1(2k)"
},
{
"status": "affected",
"version": "2.3(1f)"
},
{
"status": "affected",
"version": "1.2(3h)"
},
{
"status": "affected",
"version": "3.0(1i)"
},
{
"status": "affected",
"version": "4.1(2u)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.0(3d)"
},
{
"status": "affected",
"version": "1.1(4l)"
},
{
"status": "affected",
"version": "2.3(1i)"
},
{
"status": "affected",
"version": "3.1(2q)"
},
{
"status": "affected",
"version": "3.2(4e)"
},
{
"status": "affected",
"version": "4.1(1i)"
},
{
"status": "affected",
"version": "3.1(1i)"
},
{
"status": "affected",
"version": "2.0(2m)"
},
{
"status": "affected",
"version": "3.0(2h)"
},
{
"status": "affected",
"version": "2.2(2q)"
},
{
"status": "affected",
"version": "2.3(1l)"
},
{
"status": "affected",
"version": "1.3(1h)"
},
{
"status": "affected",
"version": "3.0(2n)"
},
{
"status": "affected",
"version": "3.2(5f)"
},
{
"status": "affected",
"version": "1.2(1h)"
},
{
"status": "affected",
"version": "3.2(1l)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(2o)"
},
{
"status": "affected",
"version": "1.2(1i)"
},
{
"status": "affected",
"version": "1.3(1j)"
},
{
"status": "affected",
"version": "2.1(1h)"
},
{
"status": "affected",
"version": "2.0(2l)"
},
{
"status": "affected",
"version": "2.0(2h)"
},
{
"status": "affected",
"version": "1.2(2g)"
},
{
"status": "affected",
"version": "3.0(1k)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "2.1(2g)"
},
{
"status": "affected",
"version": "2.0(1q)"
},
{
"status": "affected",
"version": "1.1(1j)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "1.1(1r)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "3.2(6i)"
},
{
"status": "affected",
"version": "1.3(1g)"
},
{
"status": "affected",
"version": "1.3(2j)"
},
{
"status": "affected",
"version": "1.3(2i)"
},
{
"status": "affected",
"version": "2.0(2o)"
},
{
"status": "affected",
"version": "2.2(4q)"
},
{
"status": "affected",
"version": "2.3(1o)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "2.2(2j)"
},
{
"status": "affected",
"version": "1.1(1d)"
},
{
"status": "affected",
"version": "2.0(2n)"
},
{
"status": "affected",
"version": "2.2(3t)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "1.1(4g)"
},
{
"status": "affected",
"version": "4.1(2x)"
},
{
"status": "affected",
"version": "3.2(5d)"
},
{
"status": "affected",
"version": "3.1(2o)"
},
{
"status": "affected",
"version": "1.2(2i)"
},
{
"status": "affected",
"version": "2.1(2f)"
},
{
"status": "affected",
"version": "1.3(2f)"
},
{
"status": "affected",
"version": "4.2(3q)"
},
{
"status": "affected",
"version": "4.1(1j)"
},
{
"status": "affected",
"version": "2.0(2f)"
},
{
"status": "affected",
"version": "2.3(1e)"
},
{
"status": "affected",
"version": "1.1(1s)"
},
{
"status": "affected",
"version": "3.1(2v)"
},
{
"status": "affected",
"version": "4.1(2w)"
},
{
"status": "affected",
"version": "1.1(4i)"
},
{
"status": "affected",
"version": "3.1(2u)"
},
{
"status": "affected",
"version": "1.1(4f)"
},
{
"status": "affected",
"version": "3.0(2m)"
},
{
"status": "affected",
"version": "2.0(1k)"
},
{
"status": "affected",
"version": "3.2(2o)"
},
{
"status": "affected",
"version": "3.2(3r)"
},
{
"status": "affected",
"version": "1.1(2i)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "1.3(1i)"
},
{
"status": "affected",
"version": "4.1(2s)"
},
{
"status": "affected",
"version": "3.2(7f)"
},
{
"status": "affected",
"version": "1.2(3m)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "3.1(2s)"
},
{
"status": "affected",
"version": "3.2(2l)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "2.3(1p)"
},
{
"status": "affected",
"version": "2.1(4a)"
},
{
"status": "affected",
"version": "1.1(1n)"
},
{
"status": "affected",
"version": "2.2(1n)"
},
{
"status": "affected",
"version": "2.2(4p)"
},
{
"status": "affected",
"version": "2.1(3j)"
},
{
"status": "affected",
"version": "4.2(4i)"
},
{
"status": "affected",
"version": "3.2(9h)"
},
{
"status": "affected",
"version": "5.0(1k)"
},
{
"status": "affected",
"version": "4.2(4k)"
},
{
"status": "affected",
"version": "5.0(1l)"
},
{
"status": "affected",
"version": "5.0(2e)"
},
{
"status": "affected",
"version": "4.2(4o)"
},
{
"status": "affected",
"version": "4.2(4p)"
},
{
"status": "affected",
"version": "5.0(2h)"
},
{
"status": "affected",
"version": "4.2(5k)"
},
{
"status": "affected",
"version": "4.2(5l)"
},
{
"status": "affected",
"version": "4.2(5n)"
},
{
"status": "affected",
"version": "5.1(1h)"
},
{
"status": "affected",
"version": "4.2(6d)"
},
{
"status": "affected",
"version": "5.1(2e)"
},
{
"status": "affected",
"version": "4.2(6g)"
},
{
"status": "affected",
"version": "4.2(6h)"
},
{
"status": "affected",
"version": "5.1(3e)"
},
{
"status": "affected",
"version": "3.2(10e)"
},
{
"status": "affected",
"version": "4.2(6l)"
},
{
"status": "affected",
"version": "4.2(7f)"
},
{
"status": "affected",
"version": "5.1(4c)"
},
{
"status": "affected",
"version": "4.2(6o)"
},
{
"status": "affected",
"version": "5.2(1g)"
},
{
"status": "affected",
"version": "5.2(2e)"
},
{
"status": "affected",
"version": "4.2(7l)"
},
{
"status": "affected",
"version": "3.2(10f)"
},
{
"status": "affected",
"version": "5.2(2f)"
},
{
"status": "affected",
"version": "5.2(2g)"
},
{
"status": "affected",
"version": "4.2(7q)"
},
{
"status": "affected",
"version": "5.2(2h)"
},
{
"status": "affected",
"version": "5.2(3f)"
},
{
"status": "affected",
"version": "5.2(3e)"
},
{
"status": "affected",
"version": "5.2(3g)"
},
{
"status": "affected",
"version": "4.2(7r)"
},
{
"status": "affected",
"version": "4.2(7s)"
},
{
"status": "affected",
"version": "5.2(4d)"
},
{
"status": "affected",
"version": "5.2(4e)"
},
{
"status": "affected",
"version": "4.2(7t)"
},
{
"status": "affected",
"version": "5.2(5d)"
},
{
"status": "affected",
"version": "3.2(10g)"
},
{
"status": "affected",
"version": "5.2(5c)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "4.2(7u)"
},
{
"status": "affected",
"version": "5.2(5e)"
},
{
"status": "affected",
"version": "5.2(4f)"
},
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "4.2(7v)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "4.2(7w)"
},
{
"status": "affected",
"version": "5.2(6h)"
},
{
"status": "affected",
"version": "5.2(4h)"
},
{
"status": "affected",
"version": "5.2(8d)"
},
{
"status": "affected",
"version": "6.0(2j)"
},
{
"status": "affected",
"version": "5.2(8e)"
},
{
"status": "affected",
"version": "6.0(3d)"
},
{
"status": "affected",
"version": "6.0(3e)"
},
{
"status": "affected",
"version": "5.2(8f)"
},
{
"status": "affected",
"version": "5.2(8g)"
},
{
"status": "affected",
"version": "5.3(1d)"
},
{
"status": "affected",
"version": "5.2(8h)"
},
{
"status": "affected",
"version": "6.0(4c)"
},
{
"status": "affected",
"version": "5.3(2a)"
},
{
"status": "affected",
"version": "5.2(8i)"
},
{
"status": "affected",
"version": "6.0(5h)"
},
{
"status": "affected",
"version": "5.3(2b)"
},
{
"status": "affected",
"version": "6.0(3g)"
},
{
"status": "affected",
"version": "6.0(5j)"
},
{
"status": "affected",
"version": "5.3(2c)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco\u0026nbsp;Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system.\r\n\r\nThis vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root.\r\nNote: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "Execution with Unnecessary Privileges",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T16:30:07.175Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-capic-priv-esc-uYQJjnuU",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-priv-esc-uYQJjnuU"
}
],
"source": {
"advisory": "cisco-sa-capic-priv-esc-uYQJjnuU",
"defects": [
"CSCwj32072"
],
"discovery": "INTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20478",
"datePublished": "2024-08-28T16:30:07.175Z",
"dateReserved": "2023-11-08T15:08:07.682Z",
"dateUpdated": "2024-09-06T14:11:08.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20279 (GCVE-0-2024-20279)
Vulnerability from nvd – Published: 2024-08-28 16:19 – Updated: 2024-08-28 17:54
VLAI?
Summary
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.
Severity ?
4.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
3.2(8d)
Affected: 2.2(1o) Affected: 1.2(2h) Affected: 2.2(2i) Affected: 1.2(1k) Affected: 2.2(1k) Affected: 3.1(2m) Affected: 3.2(1m) Affected: 3.2(5e) Affected: 4.1(2m) Affected: 3.2(41d) Affected: 1.1(1o) Affected: 1.2(1m) Affected: 1.2(2j) Affected: 2.2(4r) Affected: 2.2(3j) Affected: 1.1(3f) Affected: 2.2(2f) Affected: 1.1(4m) Affected: 2.2(2k) Affected: 2.1(1i) Affected: 2.0(1p) Affected: 3.1(2p) Affected: 3.2(3s) Affected: 4.0(3c) Affected: 1.1(4e) Affected: 4.1(1k) Affected: 2.2(4f) Affected: 2.1(3h) Affected: 3.2(4d) Affected: 2.0(1n) Affected: 2.0(1m) Affected: 2.0(1r) Affected: 2.1(2e) Affected: 4.2(2e) Affected: 4.2(3j) Affected: 4.2(3n) Affected: 2.0(1l) Affected: 2.2(2e) Affected: 2.2(3r) Affected: 3.0(2k) Affected: 2.1(3g) Affected: 4.0(1h) Affected: 2.0(1o) Affected: 2.2(3p) Affected: 1.2(3e) Affected: 2.2(3s) Affected: 2.0(2g) Affected: 4.1(1l) Affected: 3.2(9f) Affected: 4.2(3l) Affected: 4.2(2g) Affected: 1.2(3c) Affected: 3.2(7k) Affected: 1.3(2h) Affected: 3.2(9b) Affected: 1.3(2k) Affected: 3.1(2t) Affected: 1.1(2h) Affected: 3.2(3j) Affected: 2.1(2k) Affected: 2.3(1f) Affected: 1.2(3h) Affected: 3.0(1i) Affected: 4.1(2u) Affected: 4.2(1l) Affected: 4.1(1a) Affected: 4.0(3d) Affected: 1.1(4l) Affected: 2.3(1i) Affected: 3.1(2q) Affected: 3.2(4e) Affected: 4.1(1i) Affected: 3.1(1i) Affected: 2.0(2m) Affected: 3.0(2h) Affected: 2.2(2q) Affected: 2.3(1l) Affected: 1.3(1h) Affected: 3.0(2n) Affected: 3.2(5f) Affected: 1.2(1h) Affected: 3.2(1l) Affected: 4.2(1i) Affected: 4.1(2o) Affected: 1.2(1i) Affected: 1.3(1j) Affected: 2.1(1h) Affected: 2.0(2l) Affected: 2.0(2h) Affected: 1.2(2g) Affected: 3.0(1k) Affected: 4.2(1g) Affected: 2.1(2g) Affected: 2.0(1q) Affected: 1.1(1j) Affected: 4.1(2g) Affected: 1.1(1r) Affected: 4.2(2f) Affected: 3.2(6i) Affected: 1.3(1g) Affected: 1.3(2j) Affected: 1.3(2i) Affected: 2.0(2o) Affected: 2.2(4q) Affected: 2.3(1o) Affected: 3.2(3i) Affected: 2.2(2j) Affected: 1.1(1d) Affected: 2.0(2n) Affected: 2.2(3t) Affected: 3.2(3n) Affected: 1.1(4g) Affected: 4.1(2x) Affected: 3.2(5d) Affected: 3.1(2o) Affected: 1.2(2i) Affected: 2.1(2f) Affected: 1.3(2f) Affected: 4.2(3q) Affected: 4.1(1j) Affected: 2.0(2f) Affected: 2.3(1e) Affected: 1.1(1s) Affected: 3.1(2v) Affected: 4.1(2w) Affected: 1.1(4i) Affected: 3.1(2u) Affected: 1.1(4f) Affected: 3.0(2m) Affected: 2.0(1k) Affected: 3.2(2o) Affected: 3.2(3r) Affected: 1.1(2i) Affected: 4.0(2c) Affected: 1.3(1i) Affected: 4.1(2s) Affected: 3.2(7f) Affected: 1.2(3m) Affected: 3.2(3o) Affected: 3.1(2s) Affected: 3.2(2l) Affected: 4.2(1j) Affected: 2.3(1p) Affected: 2.1(4a) Affected: 1.1(1n) Affected: 2.2(1n) Affected: 2.2(4p) Affected: 2.1(3j) Affected: 4.2(4i) Affected: 3.2(9h) Affected: 5.0(1k) Affected: 4.2(4k) Affected: 5.0(1l) Affected: 5.0(2e) Affected: 4.2(4o) Affected: 4.2(4p) Affected: 5.0(2h) Affected: 4.2(5k) Affected: 4.2(5l) Affected: 4.2(5n) Affected: 5.1(1h) Affected: 4.2(6d) Affected: 5.1(2e) Affected: 4.2(6g) Affected: 4.2(6h) Affected: 5.1(3e) Affected: 3.2(10e) Affected: 4.2(6l) Affected: 4.2(7f) Affected: 5.1(4c) Affected: 4.2(6o) Affected: 5.2(1g) Affected: 5.2(2e) Affected: 4.2(7l) Affected: 3.2(10f) Affected: 5.2(2f) Affected: 5.2(2g) Affected: 4.2(7q) Affected: 5.2(2h) Affected: 5.2(3f) Affected: 5.2(3e) Affected: 5.2(3g) Affected: 4.2(7r) Affected: 4.2(7s) Affected: 5.2(4d) Affected: 5.2(4e) Affected: 4.2(7t) Affected: 5.2(5d) Affected: 3.2(10g) Affected: 5.2(5c) Affected: 6.0(1g) Affected: 4.2(7u) Affected: 5.2(5e) Affected: 5.2(4f) Affected: 5.2(6e) Affected: 6.0(1j) Affected: 5.2(6g) Affected: 5.2(7f) Affected: 4.2(7v) Affected: 5.2(7g) Affected: 6.0(2h) Affected: 4.2(7w) Affected: 5.2(6h) Affected: 5.2(4h) Affected: 5.2(8d) Affected: 6.0(2j) Affected: 5.2(8e) Affected: 6.0(3d) Affected: 6.0(3e) Affected: 5.2(8f) Affected: 5.2(8g) Affected: 5.3(1d) Affected: 5.2(8h) Affected: 6.0(4c) Affected: 5.3(2a) Affected: 5.2(8i) Affected: 6.0(5h) Affected: 5.3(2b) Affected: 6.0(3g) Affected: 6.0(5j) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T17:54:46.155615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T17:54:51.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2(8d)"
},
{
"status": "affected",
"version": "2.2(1o)"
},
{
"status": "affected",
"version": "1.2(2h)"
},
{
"status": "affected",
"version": "2.2(2i)"
},
{
"status": "affected",
"version": "1.2(1k)"
},
{
"status": "affected",
"version": "2.2(1k)"
},
{
"status": "affected",
"version": "3.1(2m)"
},
{
"status": "affected",
"version": "3.2(1m)"
},
{
"status": "affected",
"version": "3.2(5e)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "3.2(41d)"
},
{
"status": "affected",
"version": "1.1(1o)"
},
{
"status": "affected",
"version": "1.2(1m)"
},
{
"status": "affected",
"version": "1.2(2j)"
},
{
"status": "affected",
"version": "2.2(4r)"
},
{
"status": "affected",
"version": "2.2(3j)"
},
{
"status": "affected",
"version": "1.1(3f)"
},
{
"status": "affected",
"version": "2.2(2f)"
},
{
"status": "affected",
"version": "1.1(4m)"
},
{
"status": "affected",
"version": "2.2(2k)"
},
{
"status": "affected",
"version": "2.1(1i)"
},
{
"status": "affected",
"version": "2.0(1p)"
},
{
"status": "affected",
"version": "3.1(2p)"
},
{
"status": "affected",
"version": "3.2(3s)"
},
{
"status": "affected",
"version": "4.0(3c)"
},
{
"status": "affected",
"version": "1.1(4e)"
},
{
"status": "affected",
"version": "4.1(1k)"
},
{
"status": "affected",
"version": "2.2(4f)"
},
{
"status": "affected",
"version": "2.1(3h)"
},
{
"status": "affected",
"version": "3.2(4d)"
},
{
"status": "affected",
"version": "2.0(1n)"
},
{
"status": "affected",
"version": "2.0(1m)"
},
{
"status": "affected",
"version": "2.0(1r)"
},
{
"status": "affected",
"version": "2.1(2e)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "2.0(1l)"
},
{
"status": "affected",
"version": "2.2(2e)"
},
{
"status": "affected",
"version": "2.2(3r)"
},
{
"status": "affected",
"version": "3.0(2k)"
},
{
"status": "affected",
"version": "2.1(3g)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "2.0(1o)"
},
{
"status": "affected",
"version": "2.2(3p)"
},
{
"status": "affected",
"version": "1.2(3e)"
},
{
"status": "affected",
"version": "2.2(3s)"
},
{
"status": "affected",
"version": "2.0(2g)"
},
{
"status": "affected",
"version": "4.1(1l)"
},
{
"status": "affected",
"version": "3.2(9f)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "1.2(3c)"
},
{
"status": "affected",
"version": "3.2(7k)"
},
{
"status": "affected",
"version": "1.3(2h)"
},
{
"status": "affected",
"version": "3.2(9b)"
},
{
"status": "affected",
"version": "1.3(2k)"
},
{
"status": "affected",
"version": "3.1(2t)"
},
{
"status": "affected",
"version": "1.1(2h)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "2.1(2k)"
},
{
"status": "affected",
"version": "2.3(1f)"
},
{
"status": "affected",
"version": "1.2(3h)"
},
{
"status": "affected",
"version": "3.0(1i)"
},
{
"status": "affected",
"version": "4.1(2u)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.0(3d)"
},
{
"status": "affected",
"version": "1.1(4l)"
},
{
"status": "affected",
"version": "2.3(1i)"
},
{
"status": "affected",
"version": "3.1(2q)"
},
{
"status": "affected",
"version": "3.2(4e)"
},
{
"status": "affected",
"version": "4.1(1i)"
},
{
"status": "affected",
"version": "3.1(1i)"
},
{
"status": "affected",
"version": "2.0(2m)"
},
{
"status": "affected",
"version": "3.0(2h)"
},
{
"status": "affected",
"version": "2.2(2q)"
},
{
"status": "affected",
"version": "2.3(1l)"
},
{
"status": "affected",
"version": "1.3(1h)"
},
{
"status": "affected",
"version": "3.0(2n)"
},
{
"status": "affected",
"version": "3.2(5f)"
},
{
"status": "affected",
"version": "1.2(1h)"
},
{
"status": "affected",
"version": "3.2(1l)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(2o)"
},
{
"status": "affected",
"version": "1.2(1i)"
},
{
"status": "affected",
"version": "1.3(1j)"
},
{
"status": "affected",
"version": "2.1(1h)"
},
{
"status": "affected",
"version": "2.0(2l)"
},
{
"status": "affected",
"version": "2.0(2h)"
},
{
"status": "affected",
"version": "1.2(2g)"
},
{
"status": "affected",
"version": "3.0(1k)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "2.1(2g)"
},
{
"status": "affected",
"version": "2.0(1q)"
},
{
"status": "affected",
"version": "1.1(1j)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "1.1(1r)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "3.2(6i)"
},
{
"status": "affected",
"version": "1.3(1g)"
},
{
"status": "affected",
"version": "1.3(2j)"
},
{
"status": "affected",
"version": "1.3(2i)"
},
{
"status": "affected",
"version": "2.0(2o)"
},
{
"status": "affected",
"version": "2.2(4q)"
},
{
"status": "affected",
"version": "2.3(1o)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "2.2(2j)"
},
{
"status": "affected",
"version": "1.1(1d)"
},
{
"status": "affected",
"version": "2.0(2n)"
},
{
"status": "affected",
"version": "2.2(3t)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "1.1(4g)"
},
{
"status": "affected",
"version": "4.1(2x)"
},
{
"status": "affected",
"version": "3.2(5d)"
},
{
"status": "affected",
"version": "3.1(2o)"
},
{
"status": "affected",
"version": "1.2(2i)"
},
{
"status": "affected",
"version": "2.1(2f)"
},
{
"status": "affected",
"version": "1.3(2f)"
},
{
"status": "affected",
"version": "4.2(3q)"
},
{
"status": "affected",
"version": "4.1(1j)"
},
{
"status": "affected",
"version": "2.0(2f)"
},
{
"status": "affected",
"version": "2.3(1e)"
},
{
"status": "affected",
"version": "1.1(1s)"
},
{
"status": "affected",
"version": "3.1(2v)"
},
{
"status": "affected",
"version": "4.1(2w)"
},
{
"status": "affected",
"version": "1.1(4i)"
},
{
"status": "affected",
"version": "3.1(2u)"
},
{
"status": "affected",
"version": "1.1(4f)"
},
{
"status": "affected",
"version": "3.0(2m)"
},
{
"status": "affected",
"version": "2.0(1k)"
},
{
"status": "affected",
"version": "3.2(2o)"
},
{
"status": "affected",
"version": "3.2(3r)"
},
{
"status": "affected",
"version": "1.1(2i)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "1.3(1i)"
},
{
"status": "affected",
"version": "4.1(2s)"
},
{
"status": "affected",
"version": "3.2(7f)"
},
{
"status": "affected",
"version": "1.2(3m)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "3.1(2s)"
},
{
"status": "affected",
"version": "3.2(2l)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "2.3(1p)"
},
{
"status": "affected",
"version": "2.1(4a)"
},
{
"status": "affected",
"version": "1.1(1n)"
},
{
"status": "affected",
"version": "2.2(1n)"
},
{
"status": "affected",
"version": "2.2(4p)"
},
{
"status": "affected",
"version": "2.1(3j)"
},
{
"status": "affected",
"version": "4.2(4i)"
},
{
"status": "affected",
"version": "3.2(9h)"
},
{
"status": "affected",
"version": "5.0(1k)"
},
{
"status": "affected",
"version": "4.2(4k)"
},
{
"status": "affected",
"version": "5.0(1l)"
},
{
"status": "affected",
"version": "5.0(2e)"
},
{
"status": "affected",
"version": "4.2(4o)"
},
{
"status": "affected",
"version": "4.2(4p)"
},
{
"status": "affected",
"version": "5.0(2h)"
},
{
"status": "affected",
"version": "4.2(5k)"
},
{
"status": "affected",
"version": "4.2(5l)"
},
{
"status": "affected",
"version": "4.2(5n)"
},
{
"status": "affected",
"version": "5.1(1h)"
},
{
"status": "affected",
"version": "4.2(6d)"
},
{
"status": "affected",
"version": "5.1(2e)"
},
{
"status": "affected",
"version": "4.2(6g)"
},
{
"status": "affected",
"version": "4.2(6h)"
},
{
"status": "affected",
"version": "5.1(3e)"
},
{
"status": "affected",
"version": "3.2(10e)"
},
{
"status": "affected",
"version": "4.2(6l)"
},
{
"status": "affected",
"version": "4.2(7f)"
},
{
"status": "affected",
"version": "5.1(4c)"
},
{
"status": "affected",
"version": "4.2(6o)"
},
{
"status": "affected",
"version": "5.2(1g)"
},
{
"status": "affected",
"version": "5.2(2e)"
},
{
"status": "affected",
"version": "4.2(7l)"
},
{
"status": "affected",
"version": "3.2(10f)"
},
{
"status": "affected",
"version": "5.2(2f)"
},
{
"status": "affected",
"version": "5.2(2g)"
},
{
"status": "affected",
"version": "4.2(7q)"
},
{
"status": "affected",
"version": "5.2(2h)"
},
{
"status": "affected",
"version": "5.2(3f)"
},
{
"status": "affected",
"version": "5.2(3e)"
},
{
"status": "affected",
"version": "5.2(3g)"
},
{
"status": "affected",
"version": "4.2(7r)"
},
{
"status": "affected",
"version": "4.2(7s)"
},
{
"status": "affected",
"version": "5.2(4d)"
},
{
"status": "affected",
"version": "5.2(4e)"
},
{
"status": "affected",
"version": "4.2(7t)"
},
{
"status": "affected",
"version": "5.2(5d)"
},
{
"status": "affected",
"version": "3.2(10g)"
},
{
"status": "affected",
"version": "5.2(5c)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "4.2(7u)"
},
{
"status": "affected",
"version": "5.2(5e)"
},
{
"status": "affected",
"version": "5.2(4f)"
},
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "4.2(7v)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "4.2(7w)"
},
{
"status": "affected",
"version": "5.2(6h)"
},
{
"status": "affected",
"version": "5.2(4h)"
},
{
"status": "affected",
"version": "5.2(8d)"
},
{
"status": "affected",
"version": "6.0(2j)"
},
{
"status": "affected",
"version": "5.2(8e)"
},
{
"status": "affected",
"version": "6.0(3d)"
},
{
"status": "affected",
"version": "6.0(3e)"
},
{
"status": "affected",
"version": "5.2(8f)"
},
{
"status": "affected",
"version": "5.2(8g)"
},
{
"status": "affected",
"version": "5.3(1d)"
},
{
"status": "affected",
"version": "5.2(8h)"
},
{
"status": "affected",
"version": "6.0(4c)"
},
{
"status": "affected",
"version": "5.3(2a)"
},
{
"status": "affected",
"version": "5.2(8i)"
},
{
"status": "affected",
"version": "6.0(5h)"
},
{
"status": "affected",
"version": "5.3(2b)"
},
{
"status": "affected",
"version": "6.0(3g)"
},
{
"status": "affected",
"version": "6.0(5j)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system.\u0026nbsp;This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that an attacker has no authorization to access."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T16:19:08.343Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-apic-cousmo-uBpBYGbq",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-cousmo-uBpBYGbq"
}
],
"source": {
"advisory": "cisco-sa-apic-cousmo-uBpBYGbq",
"defects": [
"CSCwe67288"
],
"discovery": "INTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20279",
"datePublished": "2024-08-28T16:19:08.343Z",
"dateReserved": "2023-11-08T15:08:07.625Z",
"dateUpdated": "2024-08-28T17:54:51.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20230 (GCVE-0-2023-20230)
Vulnerability from nvd – Published: 2023-08-23 18:21 – Updated: 2024-10-01 15:53
VLAI?
Summary
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system.
This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.
Severity ?
5.4 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
5.2(6e)
Affected: 5.2(6g) Affected: 5.2(7f) Affected: 5.2(7g) Affected: 6.0(1g) Affected: 6.0(1j) Affected: 6.0(2h) Affected: 6.0(2j) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-apic-uapa-F4TAShk",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-uapa-F4TAShk"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T15:11:19.252551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:53:16.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "6.0(2j)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system.\r\n\r This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:26.252Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-apic-uapa-F4TAShk",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-uapa-F4TAShk"
}
],
"source": {
"advisory": "cisco-sa-apic-uapa-F4TAShk",
"defects": [
"CSCwe56828"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20230",
"datePublished": "2023-08-23T18:21:39.489Z",
"dateReserved": "2022-10-27T18:47:50.369Z",
"dateUpdated": "2024-10-01T15:53:16.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20011 (GCVE-0-2023-20011)
Vulnerability from nvd – Published: 2023-02-23 00:00 – Updated: 2024-10-28 16:34
VLAI?
Summary
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.
Severity ?
8.8 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:36.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230223 Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:19:25.923684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:34:01.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Application Policy Infrastructure Controller (APIC) ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230223 Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV"
}
],
"source": {
"advisory": "cisco-sa-capic-csrfv-DMx6KSwV",
"defect": [
[
"CSCwd15559"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20011",
"datePublished": "2023-02-23T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:34:01.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}