Cisco Cloud Application Policy Infrastructure Controller vulnerabilities
6 known vulnerabilities affecting cisco/cloud_application_policy_infrastructure_controller.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-1577CRITICALCVSS 9.1fixed in 3.2\(10e\)≥ 4.0, < 4.2\(6h\)+1 more2021-08-25
CVE-2021-1577 [CRITICAL] CWE-284 CVE-2021-1577: A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker could exploi
nvd
CVE-2021-1581CRITICALCVSS 9.1fixed in 3.2\(10f\)≥ 4.0, < 4.2\(7l\)+1 more2021-08-25
CVE-2021-1581 [MEDIUM] CWE-284 CVE-2021-1581: Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure
Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
nvd
CVE-2021-1580HIGHCVSS 7.2fixed in 3.2\(10e\)≥ 4.0, < 4.2\(6h\)+1 more2021-08-25
CVE-2021-1580 [MEDIUM] CWE-284 CVE-2021-1580: Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure
Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
nvd
CVE-2021-1579HIGHCVSS 8.8fixed in 3.2\(10f\)≥ 4.0, < 4.2\(7l\)+1 more2021-08-25
CVE-2021-1579 [HIGH] CWE-250 CVE-2021-1579: A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-base
nvd
CVE-2021-1578HIGHCVSS 8.8≥ 5.0, ≤ 5.1\(3e\)v5.0\(2h\)2021-08-25
CVE-2021-1578 [HIGH] CWE-636 CVE-2021-1578: A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device. This vulnerability is due to an improper policy default setting. An attacker c
nvd
CVE-2021-1582MEDIUMCVSS 5.4fixed in 3.2\(10f\)≥ 4.0, < 4.2\(7i\)+1 more2021-08-25
CVE-2021-1582 [MEDIUM] CWE-79 CVE-2021-1582: A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco
A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerabilit
nvd