CVE-2019-1586: Incomplete Cleanup in Cisco Application Policy Infrastructure Controller

Severity
4.6 MEDIUM (NVD)
EPSS
0.0%
top 86.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 3
Latest update: May 24

Description

A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could all

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.9 | Impact: 3.6

Affected Packages: 2 packages

🔴 Vulnerability Details

2
GHSA
GHSA-f958-6c9p-jx25: A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical acc (2022-05-24)
CVEList
Cisco Application Policy Infrastructure Controller Recoverable Encryption Key Vulnerability (2019-05-03)

📋 Vendor Advisories

1
Cisco
Cisco Application Policy Infrastructure Controller Recoverable Encryption Key Vulnerability (2019-05-01)

💬 Community

1
Bugzilla
CVE-2019-13300 ImageMagick: heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns (2019-07-17)