Cisco Application Policy Infrastructure Controller vulnerabilities

26 known vulnerabilities affecting cisco/cisco_application_policy_infrastructure_controller.

Total CVEs

26

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL2HIGH7MEDIUM17

Vulnerabilities

Page 2 of 2

CVE-2019-1838MEDIUMCVSS 5.4≥ unspecified, < 4.1(1i)2019-05-03

CVE-2019-1838 [MEDIUM] CWE-79 CVE-2019-1838: A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Con A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied i

CVE-2019-1586MEDIUMCVSS 4.6≥ unspecified, < 4.2(0.33c)2019-05-03

CVE-2019-1586 [MEDIUM] CWE-320 CVE-2019-1586: A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device.

CVE-2019-1692MEDIUMCVSS 5.3≥ unspecified, < 4.1(1i)2019-05-03

CVE-2019-1692 [MEDIUM] CWE-200 CVE-2019-1692: A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Con A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certain components in the underlying Application Centric In

CVE-2019-1587MEDIUMCVSS 4.3≥ unspecified, < 4.2(0.33c)2019-05-03

CVE-2019-1587 [MEDIUM] CWE-399 CVE-2019-1587: A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (AC A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain

CVE-2019-1690MEDIUMCVSS 6.5≥ unspecified, < 4.2(0.21c)2019-03-11

CVE-2019-1690 [MEDIUM] CWE-284 CVE-2019-1690: A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (A A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device. The vulnerability is due to a lack of proper access control mechanisms for IPv6 link-local connectivity imposed on the management interfac

CVE-2017-12352MEDIUMCVSS 6.7vCisco Application Policy Infrastructure Controller2017-11-30

CVE-2017-12352 [MEDIUM] CWE-77 CVE-2017-12352: A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an a A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system. The v

← Previous2 / 2