Application Policy Infrastructure Controller
Monthly
A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.
A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.
A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.
A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.