Cisco Application Policy Infrastructure Controller vulnerabilities
34 known vulnerabilities affecting cisco/application_policy_infrastructure_controller.
Total CVEs: 34
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 11, MEDIUM 19
Vulnerabilities
Page 2 of 2
CVE-2019-1889 | HIGH | CVSS 7.2 | CWE-264 | v4.1(1j) | 2019-07-04
A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checking for the file path when specific software is uploaded.
nvd
CVE-2019-1890 | MEDIUM | CVSS 6.5 | CWE-284 | v7.3(0)zn(0.113) | 2019-07-04
A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient
nvd
CVE-2019-1682 | HIGH | CVSS 7.8 | CWE-264 | fixed in 4.1(1i) | 2019-05-03
A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain command strings issued on the CLI of the affected device. An a
nvd
CVE-2019-1838 | MEDIUM | CVSS 5.4 | CWE-79 | v3.2(5d), v4.0(3d) | 2019-05-03
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied i
nvd
CVE-2019-1586 | MEDIUM | CVSS 4.6 | CWE-320 | v4.1(0.90a) | 2019-05-03
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device.
nvd
CVE-2019-1692 | MEDIUM | CVSS 5.3 | CWE-200 | fixed in 4.1(1i), v8.3(1)s6 | 2019-05-03
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certain components in the underlying Application Centric In
nvd
CVE-2019-1690 | MEDIUM | CVSS 6.5 | CWE-284 | fixed in 4.2(0.21c) | 2019-03-11
A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device. The vulnerability is due to a lack of proper access control mechanisms for IPv6 link-local connectivity imposed on the management interfac
nvd
CVE-2017-12352 | MEDIUM | CVSS 6.7 | CWE-77 | v2.3(1f) | 2017-11-30
A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of u
nvd
CVE-2017-6767 | HIGH | CVSS 7.1 | CWE-269 | v1.0(1e), v1.0(1h), +22 more | 2017-08-17
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attac
nvd
CVE-2017-6768 | HIGH | CVSS 7.8 | CWE-426 | v1.1(0.920a), v1.1(1j), +10 more | 2017-08-17
A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libr
nvd
CVE-2016-6457 | MEDIUM | CVSS 6.5 | CWE-119 | v1.2(2), v1.2(3), +3 more | 2016-11-19
A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9000 Series Leaf Switches (TOR) - ACI Mode and Cisco Application Policy Infrastr
nvd
CVE-2016-6413 | HIGH | CVSS 7.8 | CWE-264 | v1.3(2f) | 2016-09-24
The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496.
nvd
CVE-2015-6424 | HIGH | CVSS 7.2 | CWE-255 | v1.1(0.920a) | 2015-12-18
The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985.
nvd
CVE-2015-6333 | MEDIUM | CVSS 4.6 | CWE-264 | v1.1(1j) | 2015-10-16
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.
nvd