VYPR

Application Policy Infrastructure Controller \(apic\)

by Cisco Systems, Inc.

CVEs (31)

  • CVE-2021-1577CriAug 25, 2021
    risk 0.59cvss 9.1epss 0.01

    A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This…

  • CVE-2023-20011HigFeb 23, 2023
    risk 0.57cvss 8.8epss 0.00

    A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack…

  • CVE-2021-1578HigAug 25, 2021
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device.…

  • CVE-2021-1579HigAug 25, 2021
    risk 0.53cvss 8.1epss 0.02

    A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges…

  • CVE-2019-1682HigMay 3, 2019
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input…

  • CVE-2017-6768HigAug 17, 2017
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom…

  • CVE-2016-1420HigJun 10, 2016
    risk 0.51cvss 7.8epss 0.00

    The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.

  • CVE-2019-1889HigJul 4, 2019
    risk 0.47cvss 7.2epss 0.03

    A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete…

  • CVE-2017-6767HigAug 17, 2017
    risk 0.46cvss 7.1epss 0.01

    A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those…

  • CVE-2024-20478MedAug 28, 2024
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a…

  • CVE-2021-1581MedAug 25, 2021
    risk 0.42cvss 6.5epss 0.01

    Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these…

  • CVE-2021-1580MedAug 25, 2021
    risk 0.42cvss 6.5epss 0.02

    Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these…

  • CVE-2019-1690MedMar 11, 2019
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device. The vulnerability is due to a lack of proper access control…

  • CVE-2025-20119MedFeb 26, 2025
    risk 0.39cvss 6.0epss 0.00

    A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. …

  • CVE-2026-20107MedFeb 25, 2026
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. To exploit this…

  • CVE-2020-3335MedJun 3, 2020
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could…

  • CVE-2023-20230MedAug 23, 2023
    risk 0.35cvss 5.4epss 0.00

    A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated…

  • CVE-2021-1582MedAug 25, 2021
    risk 0.35cvss 5.4epss 0.01

    A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input…

  • CVE-2020-3333MedJun 3, 2020
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An…

  • CVE-2020-3139MedJan 26, 2020
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be…

Page 1 of 2