CVE-2019-1690

CWE-284 — Improper Access Control4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 71.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Application Policy Infrastructure Controller (apic)Cisco Application Policy Infrastructure Controller

Timeline

PublishedMar 11

Latest updateMay 13

Description

A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device. The vulnerability is due to a lack of proper access control mechanisms for IPv6 link-local connectivity imposed on the management interface of an affected device. An attacker on the same physical network could exploit this vulnerability by attempting to connect to the IPv6 link-local …

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_application_policy_infrastructure_controller_(apic)unspecified — 4.2(0.21c)

▶NVDcisco/application_policy_infrastructure_controller< 4.2\(0.21c\)

🔴Vulnerability Details

GHSA

GHSA-fpjm-2jxg-3phg: A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adja↗2022-05-13

▶

CVEList

Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability↗2019-03-11

▶

📋Vendor Advisories

Cisco

Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability↗2019-03-06

▶