CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score confidence: High

EPSS percentile: 30.3%

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system.
This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | application_policy_infrastructure_controller | * | cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:* |
[
  {
    "vendor": "Cisco",
    "product": "Cisco Application Policy Infrastructure Controller (APIC)",
    "versions": [
      { "version": "5.2(6e)", "status": "affected" },
      { "version": "5.2(6g)", "status": "affected" },
      { "version": "5.2(7f)", "status": "affected" },
      { "version": "5.2(7g)", "status": "affected" },
      { "version": "6.0(1g)", "status": "affected" },
      { "version": "6.0(1j)", "status": "affected" },
      { "version": "6.0(2h)", "status": "affected" },
      { "version": "6.0(2j)", "status": "affected" }
    ]
  }
]