CVSS: 6.0EPSS: 0%CPEs: 128EXPL: 0CVE-2025-20119 – Cisco Application Policy Infrastructure Controller Authenticated Local Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-20119
26 Feb 2025 — A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to a race condition with handling system files. An attacker could exploit this vulnerability by doing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.4EPSS: 0%CPEs: 128EXPL: 0CVE-2025-20118 – Cisco Application Policy Infrastructure Controller Authenticated Command Injection Due to Sensitive Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-20118
26 Feb 2025 — A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful explo... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 5.1EPSS: 0%CPEs: 128EXPL: 0CVE-2025-20117 – Cisco Application Policy Infrastructure Controller Authenticated Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-20117
26 Feb 2025 — A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.8EPSS: 0%CPEs: 128EXPL: 0CVE-2025-20116 – Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2025-20116
26 Feb 2025 — A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the co... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 222EXPL: 0CVE-2024-20478 – Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20478
28 Aug 2024 — A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system. This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified s... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-priv-esc-uYQJjnuU • CWE-250: Execution with Unnecessary Privileges •
CVSS: 4.3EPSS: 0%CPEs: 221EXPL: 0CVE-2024-20279 – Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability
https://notcve.org/view.php?id=CVE-2024-20279
28 Aug 2024 — A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploi... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-cousmo-uBpBYGbq • CWE-284: Improper Access Control •
CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 0CVE-2015-4235
https://notcve.org/view.php?id=CVE-2015-4235
24 Jul 2015 — Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991. Vulnerabilidad en dispositivos Cisco Application Policy Infrastructure Contro... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic • CWE-264: Permissions, Privileges, and Access Controls •