CVE-2024-20279

CWE-284Improper Access Control4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 49.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Application Policy Infrastructure Controller (apic)Cisco Application Policy Infrastructure Controller
Timeline
PublishedAug 28

Description

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-wxwr-gxwh-c78c: A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authentic2024-08-28
CVEList
Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability2024-08-28

📋Vendor Advisories

1
Cisco
Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability2024-08-28
CVE-2024-20279 (MEDIUM CVSS 4.3) | A vulnerability in the restricted s | cvebase.io