Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

cisco application policy infrastructure controller vulnerabilities and exploits

(subscribe to this query)
7.8
CVSSv3
CVE-2017-6768
A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local malicious user to gain root-level privileges. The vulnerability is due to a c...
Cisco Application Policy Infrastructure Controller 1.3\\(1\\)Cisco Application Policy Infrastructure Controller 1.1\\(1j\\)Cisco Application Policy Infrastructure Controller 2.0\\(1\\)Cisco Application Policy Infrastructure Controller 1.1\\(0.920a\\)Cisco Application Policy Infrastructure Controller 1.3\\(2\\)Cisco Application Policy Infrastructure Controller 1.3\\(2f\\)Cisco Application Policy Infrastructure Controller 1.2\\(2\\)Cisco Application Policy Infrastructure Controller 1.1\\(3f\\)Cisco Application Policy Infrastructure Controller 1.2 BaseCisco Application Policy Infrastructure Controller 1.2\\(3\\)Cisco Application Policy Infrastructure Controller 2.0 BaseCisco Application Policy Infrastructure Controller 1.2.2
7.1
CVSSv3
CVE-2017-6767
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote malicious user to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether t...
Cisco Application Policy Infrastructure Controller 1.0\\(3i\\)Cisco Application Policy Infrastructure Controller 1.1\\(3f\\)Cisco Application Policy Infrastructure Controller 1.3\\(1\\)Cisco Application Policy Infrastructure Controller 1.1\\(1j\\)Cisco Application Policy Infrastructure Controller 1.0\\(2j\\)Cisco Application Policy Infrastructure Controller 2.0 BaseCisco Application Policy Infrastructure Controller 1.0\\(3f\\)Cisco Application Policy Infrastructure Controller 1.2.2Cisco Application Policy Infrastructure Controller 1.2\\(3\\)Cisco Application Policy Infrastructure Controller 1.0\\(1h\\)Cisco Application Policy Infrastructure Controller 1.0\\(2m\\)Cisco Application Policy Infrastructure Controller 1.0\\(1k\\)Cisco Application Policy Infrastructure Controller 1.0\\(1n\\)Cisco Application Policy Infrastructure Controller 1.1\\(0.920a\\)Cisco Application Policy Infrastructure Controller 1.0\\(1e\\)Cisco Application Policy Infrastructure Controller 1.0\\(3n\\)Cisco Application Policy Infrastructure Controller 1.0\\(4h\\)Cisco Application Policy Infrastructure Controller 1.3\\(2f\\)Cisco Application Policy Infrastructure Controller 2.0\\(1\\)Cisco Application Policy Infrastructure Controller 1.0\\(4o\\)Cisco Application Policy Infrastructure Controller 1.0\\(3k\\)Cisco Application Policy Infrastructure Controller 1.2 Base
6.1
CVSSv3
CVE-2015-6337
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote malicious users to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238.
Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.10Cisco Application Policy Infrastructure Controller Enterprise Module 1.0 Ga
9.8
CVSSv3
CVE-2021-1393
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote malicious user to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For mor...
Cisco Application Services EngineCisco Application Policy Infrastructure Controller 1.1.3
6.5
CVSSv3
CVE-2021-1396
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote malicious user to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For mor...
Cisco Application Services EngineCisco Application Policy Infrastructure Controller 1.1.3
6.1
CVSSv3
CVE-2016-1305
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote malicious users to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.
Cisco Application Policy Infrastructure Controller Enterprise Module 1.1 Base
8.8
CVSSv3
CVE-2016-1302
Cisco Application Policy Infrastructure Controller (APIC) devices with software prior to 1.0(3h) and 1.1 prior to 1.1(1j) and Nexus 9000 ACI Mode switches with software prior to 11.0(3h) and 11.1 prior to 11.1(1j) allow remote authenticated users to bypass intended RBAC restricti...
Cisco Application Policy Infrastructure Controller 1.0\\\\\\(1k\\\\\\)Cisco Application Policy Infrastructure Controller 1.0\\\\\\(1h\\\\\\)Cisco Application Policy Infrastructure Controller 1.0\\\\\\(3f\\\\\\)Cisco Application Policy Infrastructure Controller 1.0\\\\\\(2m\\\\\\)Cisco Application Policy Infrastructure Controller 1.0\\\\\\(2j\\\\\\)Cisco Application Policy Infrastructure Controller 1.0\\\\\\(1n\\\\\\)Cisco Application Policy Infrastructure Controller 1.0\\\\\\(1e\\\\\\)Cisco Application Policy Infrastructure Controller 1.1\\\\\\(0.920a\\\\\\)Cisco Nx-os 11.0\\\\\\(3f\\\\\\)Cisco Nx-os 11.0\\\\\\(2m\\\\\\)Cisco Nx-os 11.0\\\\\\(1d\\\\\\)Cisco Nx-os 11.0\\\\\\(1c\\\\\\)Cisco Nx-os BaseCisco Nx-os 11.0\\\\\\(1b\\\\\\)Cisco Nx-os 11.0\\\\\\(2j\\\\\\)Cisco Nx-os 11.0\\\\\\(1e\\\\\\)
8.8
CVSSv3
CVE-2017-12262
A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent malicious user to gain privileged access to services only available on the internal network of the devi...
Cisco Application Policy Infrastructure Controller Enterprise Module
7.5
CVSSv3
CVE-2016-1386
The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote malicious users to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521.
Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.\\(1\\)
6.5
CVSSv3
CVE-2016-6457
A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent malicious user to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9...
Cisco Application Policy Infrastructure Controller 2.0\\(1\\)Cisco Application Policy Infrastructure Controller 1.2\\(3\\)Cisco Application Policy Infrastructure Controller 1.2\\(2\\)Cisco Application Policy Infrastructure Controller 1.3\\(2\\)Cisco Application Policy Infrastructure Controller 1.3\\(1\\)Cisco Nx-os 11.2\\(3e\\)Cisco Nx-os 11.2\\(3h\\)Cisco Nx-os 12.0\\(1m\\)Cisco Nx-os 11.2\\(2g\\)Cisco Nx-os 11.2\\(2h\\)Cisco Nx-os 12.0\\(1q\\)Cisco Nx-os 12.0\\(1n\\)Cisco Nx-os 11.3\\(2h\\)Cisco Nx-os 11.3\\(1i\\)Cisco Nx-os 11.3\\(2i\\)Cisco Nx-os 12.0\\(1p\\)Cisco Nx-os 11.2\\(3c\\)Cisco Nx-os 12.0\\(1o\\)Cisco Nx-os 11.3\\(2f\\)Cisco Nx-os 11.2\\(2i\\)
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook