CVE-2023-20011

CWE-352 — Cross-Site Request Forgery (CSRF)4 documents4 sources

Severity

8.8HIGH

EPSS

0.2%

top 53.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Application Policy Infrastructure Controller Cisco Cloud Network Controller Cisco Cisco Application Policy Infrastructure Controller (apic)

Timeline

PublishedFeb 23

Description

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the int…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5cisco/cisco_application_policy_infrastructure_controller_(apic)n/a

▶NVDcisco/cloud_network_controller4.2\(6\) — 25.0\(5\)

▶NVDcisco/application_policy_infrastructure_controller4.2\(6\) — 5.2\(7g\)+1

🔴Vulnerability Details

GHSA

GHSA-q8mg-c7m3-8c9j: A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller,↗2023-02-23

▶

CVEList

Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability↗2023-02-23

▶

📋Vendor Advisories

Cisco

Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability↗2023-02-22

▶