CVE-2024-20478

CWE-2504 documents4 sources
Severity
7.2HIGH
EPSS
0.3%
top 49.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Application Policy Infrastructure Controller (apic)Cisco Application Policy Infrastructure Controller
Timeline
PublishedAug 28

Description

A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system. This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a mo

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability2024-08-28
GHSA
GHSA-j3cr-gpf3-q8w2: A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, for2024-08-28

📋Vendor Advisories

1
Cisco
Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability2024-08-28
CVE-2024-20478 (HIGH CVSS 7.2) | A vulnerability in the software upg | cvebase.io