CVE-2019-1682

CWE-264 CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.8HIGH

EPSS

0.0%

top 86.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Application Policy Infrastructure Controller (apic)Cisco Application Policy Infrastructure Controller

Timeline

PublishedMay 3

Latest updateMay 24

Description

A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain command strings issued on the CLI of the affected device. An attacker with write permissions for files within a readable folder on the device could alter certain definitions in the affected file. A successfu…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco/cisco_application_policy_infrastructure_controller_(apic)unspecified — 4.1(1i)

▶NVDcisco/application_policy_infrastructure_controller< 4.1\(1i\)

🔴Vulnerability Details

GHSA

GHSA-w5xg-prmx-v5rm: A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticat↗2022-05-24

▶

CVEList

Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability↗2019-05-03

▶

📋Vendor Advisories

Cisco

Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability↗2019-05-01

▶