
CVE-2024-20478 – Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-20478
28 Aug 2024 — A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system. This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified s... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-priv-esc-uYQJjnuU • CWE-250: Execution with Unnecessary Privileges

CVE-2024-20279 – Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability
https://notcve.org/view.php?id=CVE-2024-20279
28 Aug 2024 — A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploi... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-cousmo-uBpBYGbq • CWE-284: Improper Access Control