Cisco Application Policy Infrastructure Controller vulnerabilities

CVE-2026-20107 [MEDIUM] CWE-1220 CVE-2026-20107: A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Control A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have valid user credentials and any role th

CVE-2025-20116 [MEDIUM] CWE-79 CVE-2025-20116: A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vuln

CVE-2025-20118 [MEDIUM] CWE-212 CVE-2025-20118: A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient masking of sensitive information tha

CVE-2025-20117 [MEDIUM] CWE-77 CVE-2025-20117: A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arb A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of arguments that are passed

CVE-2025-20119 [MEDIUM] CWE-362 CVE-2025-20119: A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, l A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to a race condition with handling system files. An

CVE-2024-20478 [HIGH] CWE-250 CVE-2024-20478: A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Control A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system.

CVE-2024-20279 [MEDIUM] CWE-284 CVE-2024-20279: A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrast A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system. This vulnerability is due to improper access control when rest

CVE-2023-20230 [MEDIUM] CWE-284 CVE-2023-20230: A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrast A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerabilit

CVE-2023-20011 [HIGH] CWE-352 CVE-2023-20011: A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Con A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF pro

CVE-2021-1577 [CRITICAL] CWE-284 CVE-2021-1577: A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker could exploi

CVE-2021-1581 [CRITICAL] CWE-284 CVE-2021-1581: Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1580 [HIGH] CWE-284 CVE-2021-1580: Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1579 [HIGH] CWE-250 CVE-2021-1579: A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-base

CVE-2021-1578 [HIGH] CWE-636 CVE-2021-1578: A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device. This vulnerability is due to an improper policy default setting. An attacker c

CVE-2021-1582 [MEDIUM] CWE-79 CVE-2021-1582: A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerabilit

CVE-2020-3335 [MEDIUM] CWE-306 CVE-2020-3335: A vulnerability in the key store of Cisco Application Services Engine Software could allow an authen A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with

CVE-2020-3333 [MEDIUM] CWE-306 CVE-2020-3333: A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthentica A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could exploit this vulnerability by crafting a malicious HTTP re

CVE-2020-3139 [MEDIUM] CWE-20 CVE-2020-3139: A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Ap A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should

CVE-2019-1889 [HIGH] CWE-264 CVE-2019-1889: A vulnerability in the REST API for software device management in Cisco Application Policy Infrastru A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checking for the file path when specific software is uploaded.

CVE-2019-1682 [HIGH] CWE-264 CVE-2019-1682: A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Con A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain command strings issued on the CLI of the affected device. An a