Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2023-20230
HistoryAug 23, 2023 - 7:15 p.m.

CVE-2023-20230

2023-08-2319:15:08
CWE-732
CWE-284
cisco
web.nvd.nist.gov
2493
cisco
apic
vulnerability
cve-2023-20230
security
access control
multi-tenancy
nvd

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

30.3%

JSON

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system.

This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.

Affected configurations

Nvd
Node
ciscoapplication_policy_infrastructure_controllerRange5.25.2\(8d\)
OR
ciscoapplication_policy_infrastructure_controllerRange6.06.0\(3d\)
VendorProductVersionCPE
ciscoapplication_policy_infrastructure_controller*cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Application Policy Infrastructure Controller (APIC)",
    "versions": [
      {
        "version": "5.2(6e)",
        "status": "affected"
      },
      {
        "version": "5.2(6g)",
        "status": "affected"
      },
      {
        "version": "5.2(7f)",
        "status": "affected"
      },
      {
        "version": "5.2(7g)",
        "status": "affected"
      },
      {
        "version": "6.0(1g)",
        "status": "affected"
      },
      {
        "version": "6.0(1j)",
        "status": "affected"
      },
      {
        "version": "6.0(2h)",
        "status": "affected"
      },
      {
        "version": "6.0(2j)",
        "status": "affected"
      }
    ]
  }
]

Related

vulnrichment 1
prion 1
nessus 1
nvd 1
cvelist 1
cisco 1
vulnrichment
vulnrichment
CVE-2023-20230
2023-08-23 18:21:39
prion
prion
Improper access control
2023-08-23 19:15:00
nessus
nessus
Cisco APIC Unauthorized Policy Actions (cisco-sa-apic-uapa-F4TAShk)
2023-09-01 00:00:00
nvd
nvd
CVE-2023-20230
2023-08-23 19:15:08
cvelist
cvelist
CVE-2023-20230
2023-08-23 18:21:39
cisco
cisco
Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability
2023-08-23 16:00:00

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

30.3%

JSON
Related for CVE-2023-20230
vulnrichment1prion1nessus1nvd1cvelist1cisco1