CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-1582 – Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2021-1582
25 Aug 2021 — A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by sending malicious input to the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based in... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-scss-bFT75YrM • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 3%CPEs: 6EXPL: 0CVE-2021-1581 – Cisco Application Policy Infrastructure Controller Command Injection and File Upload Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1581
25 Aug 2021 — Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de usuario web y los endpoints de la API de Cisco Application Policy Infrastructure Controller (APIC) o Cisco Cloud APIC podrían permi... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2021-1580 – Cisco Application Policy Infrastructure Controller Command Injection and File Upload Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1580
25 Aug 2021 — Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de usuario web y los endpoints de la API de Cisco Application Policy Infrastructure Controller (APIC) o Cisco Cloud APIC podrían permi... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2021-1579 – Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1579
25 Aug 2021 — A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an ap... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 9.1EPSS: 1%CPEs: 6EXPL: 0CVE-2021-1577 – Cisco Application Policy Infrastructure Controller Arbitrary File Read and Write Vulnerability
https://notcve.org/view.php?id=CVE-2021-1577
25 Aug 2021 — A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker could exploit this vulnerability by using a specific API endpoint to upload a file to an affected device. A successful exploit could allow the attacker to read or write arb... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-frw-Nt3RYxR2 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3139 – Cisco Application Policy Infrastructure Controller Out Of Band Management IP Tables Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-3139
26 Jan 2020 — A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP po... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iptable-bypass-GxW88XjL • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2019-1889 – Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1889
04 Jul 2019 — A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checking for the file path when specific software is uploaded. An attacker could exploit this vulnerability by uploading malicious software using the REST API. A successful exploit could allow an attacker to escalate th... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ccapic-restapi • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1838 – Cisco Application Policy Infrastructure Controller Web-Based Management Interface Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1838
03 May 2019 — A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A succ... • http://www.securityfocus.com/bid/108169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-1692 – Cisco Application Policy Infrastructure Controller Web-Based Management Interface Usage Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1692
03 May 2019 — A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certain components in the underlying Application Centric Infrastructure (ACI). An attacker could exploit this vulnerability by attempting to observe certain network traffic when accessing the APIC. A successful exploit... • http://www.securityfocus.com/bid/108155 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1682 – Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1682
03 May 2019 — A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain command strings issued on the CLI of the affected device. An attacker with write permissions for files within a readable folder on the device could alter certain definitions in the affected file. A successful exploit co... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-apic-priv-escalation • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •