CWE-250

Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

CVE-2024-0084 (GCVE-0-2024-0084)

Vulnerability from cvelistv5 – Published: 2024-06-13 21:23 – Updated: 2024-08-01 17:41
Title
CVE
Summary
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.
Impacted products
Vendor | Product | Version
nvidia | vGPU software and Cloud Gaming | Affected: All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:nvidia:virtual_gpu_graphics_driver:13.10:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "virtual_gpu_graphics_driver",
            "vendor": "nvidia",
            "versions": [
              {
                "lessThan": "13.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "16.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "17.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0084",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-15T03:55:37.767Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:15.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "vGPU software and Cloud Gaming",
          "vendor": "nvidia",
          "versions": [
            {
              "status": "affected",
              "version": "All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service."
            }
          ],
          "value": "NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Information disclosure, data tampering, escalation of privileges, denial of service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T21:23:31.105Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2024-0084",
    "datePublished": "2024-06-13T21:23:31.105Z",
    "dateReserved": "2023-12-02T00:41:55.036Z",
    "dateUpdated": "2024-08-01T17:41:15.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11075 (GCVE-0-2024-11075)

Vulnerability from cvelistv5 – Published: 2024-11-19 13:13 – Updated: 2024-11-19 14:13
Title
SICK Incoming Goods Suite privilege escalation vulnerability
Summary
A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control over the whole system.
CWE
  • CWE-250 - Execution with Unnecessary Privileges
References
URL | Tags
https://sick.com/psirt | x_SICK PSIRT Website
https://cdn.sick.com/media/docs/1/11/411/Special_… | x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ic… | x_ICS-CERT recommended practices on Industrial Security
https://www.first.org/cvss/calculator/3.1 | x_CVSS v3.1 Calculator
https://www.sick.com/.well-known/csaf/white/2024/… | vendor-advisory
https://www.sick.com/.well-known/csaf/white/2024/… | vendor-advisory, x_csaf
Date Public
2024-11-18 23:32

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sick_ag:incoming_goods_suite:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "incoming_goods_suite",
            "vendor": "sick_ag",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11075",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T14:11:17.363737Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T14:13:07.706Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SICK Incoming Goods Suite",
          "vendor": "SICK AG",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0"
            }
          ]
        }
      ],
      "datePublic": "2024-11-18T23:32:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system.\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250 Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-19T13:13:00.565Z",
        "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
        "shortName": "SICK AG"
      },
      "references": [
        {
          "tags": [
            "x_SICK PSIRT Website"
          ],
          "url": "https://sick.com/psirt"
        },
        {
          "tags": [
            "x_SICK Operating Guidelines"
          ],
          "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
        },
        {
          "tags": [
            "x_ICS-CERT recommended practices on Industrial Security"
          ],
          "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
        },
        {
          "tags": [
            "x_CVSS v3.1 Calculator"
          ],
          "url": "https://www.first.org/cvss/calculator/3.1"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.pdf"
        },
        {
          "tags": [
            "vendor-advisory",
            "x_csaf"
          ],
          "url": "https://www.sick.com/.well-known/csaf/white/2024/sca-2024-0005.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eCustomers are strongly recommended to upgrade to the latest release 1.1.0. In addition, we recommend running the Docker daemon and container runtime in rootless mode. It is necessary to set the DOCKER_USER_ID and the DOCKER_GROUP_ID in the environment. Then the Docker socket can run as a non-root user when setting the path DOCKER_SOCKET_PATH=/run/user/${DOCKER_USER_ID}/docker.sock.\u003c/div\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Customers are strongly recommended to upgrade to the latest release 1.1.0. In addition, we recommend running the Docker daemon and container runtime in rootless mode. It is necessary to set the DOCKER_USER_ID and the DOCKER_GROUP_ID in the environment. Then the Docker socket can run as a non-root user when setting the path DOCKER_SOCKET_PATH=/run/user/${DOCKER_USER_ID}/docker.sock."
        }
      ],
      "source": {
        "advisory": "sca-2024-0005",
        "discovery": "INTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-11-19T12:44:00.000Z",
          "value": "1: Inital version"
        }
      ],
      "title": "SICK Incoming Goods Suite privilege escalation vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
    "assignerShortName": "SICK AG",
    "cveId": "CVE-2024-11075",
    "datePublished": "2024-11-19T13:13:00.565Z",
    "dateReserved": "2024-11-11T09:08:53.239Z",
    "dateUpdated": "2024-11-19T14:13:07.706Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-11821 (GCVE-0-2024-11821)

Vulnerability from cvelistv5 – Published: 2025-03-20 10:08 – Updated: 2025-03-20 18:59
Title
Privilege Escalation in langgenius/dify
Summary
A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint /console/api/apps/{chatbot-id}/model-config, allowing unauthorized users to alter chatbot configurations.
CWE
  • CWE-250 - Execution with Unnecessary Privileges
Impacted products
Vendor | Product | Version
langgenius | langgenius/dify | Affected: unspecified, ≤ latest (custom)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-11821",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-20T17:51:58.375144Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T18:59:58.023Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "langgenius/dify",
          "vendor": "langgenius",
          "versions": [
            {
              "lessThanOrEqual": "latest",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint /console/api/apps/{chatbot-id}/model-config, allowing unauthorized users to alter chatbot configurations."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250 Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-20T10:08:59.022Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/76d5986d-3882-4ea7-81cb-f00400e5c6b6"
        }
      ],
      "source": {
        "advisory": "76d5986d-3882-4ea7-81cb-f00400e5c6b6",
        "discovery": "EXTERNAL"
      },
      "title": "Privilege Escalation in langgenius/dify"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-11821",
    "datePublished": "2025-03-20T10:08:59.022Z",
    "dateReserved": "2024-11-26T17:02:52.572Z",
    "dateUpdated": "2025-03-20T18:59:58.023Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1222 (GCVE-0-2024-1222)

Vulnerability from cvelistv5 – Published: 2024-03-14 03:03 – Updated: 2024-09-26 03:50
Title
Incorrect authorization controls in PaperCut NG/MF APIs
Summary
This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls.
CWE
  • CWE-250 - Execution with Unnecessary Privileges
Impacted products
Vendor | Product | Version
PaperCut | PaperCut NG, PaperCut MF | Affected: 0, < 23.0.7 (custom); Affected: 0, < 22.1.5 (custom); Affected: 0, < 21.2.14 (custom); Affected: 0, < 20.1.10 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:33:25.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "papercut_mf",
            "vendor": "papercut",
            "versions": [
              {
                "lessThan": "23.0.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "22.1.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "21.2.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "20.1.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "papercut_ng",
            "vendor": "papercut",
            "versions": [
              {
                "lessThan": "23.0.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "22.1.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "21.2.14",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "20.1.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1222",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-26T04:00:45.176980Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T15:10:56.143Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "MacOS",
            "Linux",
            "Windows"
          ],
          "product": "PaperCut NG, PaperCut MF",
          "vendor": "PaperCut",
          "versions": [
            {
              "changes": [
                {
                  "at": "23.0.7",
                  "status": "unaffected"
                }
              ],
              "lessThan": "23.0.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "22.1.5",
                  "status": "unaffected"
                }
              ],
              "lessThan": "22.1.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "21.2.14",
                  "status": "unaffected"
                }
              ],
              "lessThan": "21.2.14",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "20.1.10",
                  "status": "unaffected"
                }
              ],
              "lessThan": "20.1.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250: Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-26T03:50:54.624Z",
        "orgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
        "shortName": "PaperCut"
      },
      "references": [
        {
          "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Incorrect authorization controls in PaperCut NG/MF APIs",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
    "assignerShortName": "PaperCut",
    "cveId": "CVE-2024-1222",
    "datePublished": "2024-03-14T03:03:18.638Z",
    "dateReserved": "2024-02-05T04:34:00.207Z",
    "dateUpdated": "2024-09-26T03:50:54.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12673 (GCVE-0-2024-12673)

Vulnerability from cvelistv5 – Published: 2025-02-12 20:31 – Updated: 2025-02-12 20:53
Summary
An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices:
  • Lenovo V Series (Gen 5)
  • ThinkBook 14 (Gen 6, 7)
  • ThinkBook 16 (Gen 6, 7)
  • ThinkPad E Series (Gen 1)
CWE
  • CWE-250 - Execution with Unnecessary Privileges
Impacted products
Vendor | Product | Version
Lenovo | Vantage | Affected: 0, < 10.2501.15.0 (custom)
Credits
Lenovo thanks xmcp for reporting this issue.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12673",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T20:53:22.079128Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:53:30.448Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Vantage",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "10.2501.15.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:lenovo:vantage:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.2501.15.0",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lenovo thanks xmcp for reporting this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system.\u003c/p\u003e\u003cp\u003eThis vulnerability only affects Vantage installed on these devices:\u003c/p\u003e\u003cul\u003e\u003cli\u003eLenovo V Series (Gen 5)\u003c/li\u003e\u003cli\u003eThinkBook 14 (Gen 6, 7)\u003c/li\u003e\u003cli\u003eThinkBook 16 (Gen 6, 7)\u003c/li\u003e\u003cli\u003eThinkPad E Series (Gen 1)\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system.\n\nThis vulnerability only affects Vantage installed on these devices:\n\n  *  Lenovo V Series (Gen 5)\n  *  ThinkBook 14 (Gen 6, 7)\n  *  ThinkBook 16 (Gen 6, 7)\n  *  ThinkPad E Series (Gen 1)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250 Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-12T20:31:18.910Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "url": "https://support.lenovo.com/us/en/product_security/LEN-183176"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update Lenovo Vantage to version 10.2501.15.0 (or newer).\n\n\u003cbr\u003e"
            }
          ],
          "value": "Update Lenovo Vantage to version 10.2501.15.0 (or newer)."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2024-12673",
    "datePublished": "2025-02-12T20:31:18.910Z",
    "dateReserved": "2024-12-16T15:55:03.945Z",
    "dateUpdated": "2025-02-12T20:53:30.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-13090 (GCVE-0-2024-13090)

Vulnerability from cvelistv5 – Published: 2025-06-10 10:31 – Updated: 2025-06-10 14:28
Title
Privilege escalation in Guardian/CMC before 24.6.0
Summary
A privilege escalation vulnerability may enable a service account to elevate its privileges. The sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could execute arbitrary commands as that account. It is important to note that no such vector has been identified in this instance.
CWE
  • CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
Vendor Product Version
Nozomi Networks Guardian Affected: 0 , < 24.6.0 (semver)
Nozomi Networks CMC Affected: 0 , < 24.6.0 (semver)
Credits
IOActive found this issue during a VAPT testing session commissioned by one of our customers.

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-13090",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T14:27:13.979159Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T14:28:19.863Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Guardian",
          "vendor": "Nozomi Networks",
          "versions": [
            {
              "lessThan": "24.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CMC",
          "vendor": "Nozomi Networks",
          "versions": [
            {
              "lessThan": "24.6.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "IOActive found this issue during a VAPT testing session commissioned by one of our customers."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003eA privilege escalation vulnerability may enable a service account to elevate its privileges.\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eThe sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could execute arbitrary commands as that account.\u003c/div\u003e\u003cdiv\u003eIt is important to note that no such vector has been identified in this instance.\u003c/div\u003e\u003c/div\u003e"
            }
          ],
          "value": "A privilege escalation vulnerability may enable a service account to elevate its privileges.\n\n\n\nThe sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could execute arbitrary commands as that account.\n\nIt is important to note that no such vector has been identified in this instance."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-69",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-69 Target Programs with Elevated Privileges"
            }
          ]
        },
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250: Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T10:31:02.099Z",
        "orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
        "shortName": "Nozomi"
      },
      "references": [
        {
          "url": "https://security.nozominetworks.com/NN-2025:2-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003eUpgrade to v24.6.0 or later.\u003c/div\u003e\u003c/div\u003e"
            }
          ],
          "value": "Upgrade to v24.6.0 or later."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Privilege escalation in Guardian/CMC before 24.6.0",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
    "assignerShortName": "Nozomi",
    "cveId": "CVE-2024-13090",
    "datePublished": "2025-06-10T10:31:02.099Z",
    "dateReserved": "2024-12-31T11:12:59.363Z",
    "dateUpdated": "2025-06-10T14:28:19.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20420 (GCVE-0-2024-20420)

Vulnerability from cvelistv5 – Published: 2024-10-16 16:15 – Updated: 2024-10-31 13:12
Title
Cisco ATA 190 Series Analog Telephone Adapter Firmware Privilege Escalation Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to run commands as the Admin user.
CWE
  • CWE-250 - Execution with Unnecessary Privileges
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Analog Telephone Adaptor (ATA) Software Affected: 12.0.1 SR2
Affected: 11.1.0
Affected: 12.0.1 SR1
Affected: 11.1.0 MSR1
Affected: 11.1.0 MSR2
Affected: 11.1.0 MSR3
Affected: 11.1.0 MSR4
Affected: 12.0.1 SR3
Affected: 11.2.1
Affected: 12.0.1 SR4
Affected: 11.2.2
Affected: 11.2.2 MSR1
Affected: 12.0.1 SR5
Affected: 11.2.3
Affected: 11.2.4

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20420",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-16T18:21:34.751205Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T13:12:38.857Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Analog Telephone Adaptor (ATA) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.0.1 SR2"
            },
            {
              "status": "affected",
              "version": "11.1.0"
            },
            {
              "status": "affected",
              "version": "12.0.1 SR1"
            },
            {
              "status": "affected",
              "version": "11.1.0 MSR1"
            },
            {
              "status": "affected",
              "version": "11.1.0 MSR2"
            },
            {
              "status": "affected",
              "version": "11.1.0 MSR3"
            },
            {
              "status": "affected",
              "version": "11.1.0 MSR4"
            },
            {
              "status": "affected",
              "version": "12.0.1 SR3"
            },
            {
              "status": "affected",
              "version": "11.2.1"
            },
            {
              "status": "affected",
              "version": "12.0.1 SR4"
            },
            {
              "status": "affected",
              "version": "11.2.2"
            },
            {
              "status": "affected",
              "version": "11.2.2 MSR1"
            },
            {
              "status": "affected",
              "version": "12.0.1 SR5"
            },
            {
              "status": "affected",
              "version": "11.2.3"
            },
            {
              "status": "affected",
              "version": "11.2.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. \r\n\r\nThis vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to run commands as the Admin user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-16T16:15:45.633Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ata19x-multi-RDTEqRsy",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ata19x-multi-RDTEqRsy",
        "defects": [
          "CSCwf28191"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco ATA 190 Series Analog Telephone Adapter Firmware Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20420",
    "datePublished": "2024-10-16T16:15:45.633Z",
    "dateReserved": "2023-11-08T15:08:07.664Z",
    "dateUpdated": "2024-10-31T13:12:38.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20435 (GCVE-0-2024-20435)

Vulnerability from cvelistv5 – Published: 2024-07-17 16:27 – Updated: 2024-08-01 21:59
Summary
A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials.
CWE
  • CWE-250 - Execution with Unnecessary Privileges
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Web Appliance Affected: 11.7.0-406
Affected: 11.7.0-418
Affected: 11.7.1-049
Affected: 11.7.1-006
Affected: 11.7.1-020
Affected: 11.7.2-011
Affected: 11.8.0-414
Affected: 11.8.1-023
Affected: 11.8.3-018
Affected: 11.8.3-021
Affected: 12.0.1-268
Affected: 12.0.3-007
Affected: 12.5.2-007
Affected: 12.5.1-011
Affected: 12.5.4-005
Affected: 12.5.5-004
Affected: 12.5.6-008
Affected: 14.5.0-498
Affected: 14.5.1-016
Affected: 14.5.2-011
Affected: 14.0.3-014
Affected: 14.0.2-012
Affected: 14.0.4-005
Affected: 14.0.5-007
Affected: 15.0.0-322
Affected: 15.0.0-355
Affected: 15.1.0-287

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:cisco:secure_web_appliance:11.7.0-406:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:11.7.0-418:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:11.7.1-006:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:11.7.1-020:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:11.7.1-049:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:11.7.2-011:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:11.8.0-414:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:11.8.1-023:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:11.8.3-018:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:11.8.3-021:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:12.0.1-268:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:12.0.3-007:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:12.5.1-011:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:12.5.2-007:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:12.5.4-005:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:12.5.5-004:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:12.5.6-008:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:14.0.2-012:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:14.0.3-014:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:14.0.4-005:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:14.0.5-007:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:14.5.0-498:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:14.5.1-016:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:14.5.2-011:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:15.0.0-322:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:15.0.0-355:*:*:*:*:*:*:*",
              "cpe:2.3:h:cisco:secure_web_appliance:15.1.0-287:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "secure_web_appliance",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.7.0-406"
              },
              {
                "status": "affected",
                "version": "11.7.0-418"
              },
              {
                "status": "affected",
                "version": "11.7.1-006"
              },
              {
                "status": "affected",
                "version": "11.7.1-020"
              },
              {
                "status": "affected",
                "version": "11.7.1-049"
              },
              {
                "status": "affected",
                "version": "11.7.2-011"
              },
              {
                "status": "affected",
                "version": "11.8.0-414"
              },
              {
                "status": "affected",
                "version": "11.8.1-023"
              },
              {
                "status": "affected",
                "version": "11.8.3-018"
              },
              {
                "status": "affected",
                "version": "11.8.3-021"
              },
              {
                "status": "affected",
                "version": "12.0.1-268"
              },
              {
                "status": "affected",
                "version": "12.0.3-007"
              },
              {
                "status": "affected",
                "version": "12.5.1-011"
              },
              {
                "status": "affected",
                "version": "12.5.2-007"
              },
              {
                "status": "affected",
                "version": "12.5.4-005"
              },
              {
                "status": "affected",
                "version": "12.5.5-004"
              },
              {
                "status": "affected",
                "version": "12.5.6-008"
              },
              {
                "status": "affected",
                "version": "14.0.2-012"
              },
              {
                "status": "affected",
                "version": "14.0.3-014"
              },
              {
                "status": "affected",
                "version": "14.0.4-005"
              },
              {
                "status": "affected",
                "version": "14.0.5-007"
              },
              {
                "status": "affected",
                "version": "14.5.0-498"
              },
              {
                "status": "affected",
                "version": "14.5.1-016"
              },
              {
                "status": "affected",
                "version": "14.5.2-011"
              },
              {
                "status": "affected",
                "version": "15.0.0-322"
              },
              {
                "status": "affected",
                "version": "15.0.0-355"
              },
              {
                "status": "affected",
                "version": "15.1.0-287"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20435",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T17:15:02.287832Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-17T17:28:04.667Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-swa-priv-esc-7uHpZsCC",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Secure Web Appliance",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.7.0-406"
            },
            {
              "status": "affected",
              "version": "11.7.0-418"
            },
            {
              "status": "affected",
              "version": "11.7.1-049"
            },
            {
              "status": "affected",
              "version": "11.7.1-006"
            },
            {
              "status": "affected",
              "version": "11.7.1-020"
            },
            {
              "status": "affected",
              "version": "11.7.2-011"
            },
            {
              "status": "affected",
              "version": "11.8.0-414"
            },
            {
              "status": "affected",
              "version": "11.8.1-023"
            },
            {
              "status": "affected",
              "version": "11.8.3-018"
            },
            {
              "status": "affected",
              "version": "11.8.3-021"
            },
            {
              "status": "affected",
              "version": "12.0.1-268"
            },
            {
              "status": "affected",
              "version": "12.0.3-007"
            },
            {
              "status": "affected",
              "version": "12.5.2-007"
            },
            {
              "status": "affected",
              "version": "12.5.1-011"
            },
            {
              "status": "affected",
              "version": "12.5.4-005"
            },
            {
              "status": "affected",
              "version": "12.5.5-004"
            },
            {
              "status": "affected",
              "version": "12.5.6-008"
            },
            {
              "status": "affected",
              "version": "14.5.0-498"
            },
            {
              "status": "affected",
              "version": "14.5.1-016"
            },
            {
              "status": "affected",
              "version": "14.5.2-011"
            },
            {
              "status": "affected",
              "version": "14.0.3-014"
            },
            {
              "status": "affected",
              "version": "14.0.2-012"
            },
            {
              "status": "affected",
              "version": "14.0.4-005"
            },
            {
              "status": "affected",
              "version": "14.0.5-007"
            },
            {
              "status": "affected",
              "version": "15.0.0-322"
            },
            {
              "status": "affected",
              "version": "15.0.0-355"
            },
            {
              "status": "affected",
              "version": "15.1.0-287"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root.\r\n\r This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-17T16:27:59.858Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-swa-priv-esc-7uHpZsCC",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-priv-esc-7uHpZsCC"
        }
      ],
      "source": {
        "advisory": "cisco-sa-swa-priv-esc-7uHpZsCC",
        "defects": [
          "CSCwj30015"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20435",
    "datePublished": "2024-07-17T16:27:59.858Z",
    "dateReserved": "2023-11-08T15:08:07.667Z",
    "dateUpdated": "2024-08-01T21:59:42.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20478 (GCVE-0-2024-20478)

Vulnerability from cvelistv5 – Published: 2024-08-28 16:30 – Updated: 2024-09-06 14:11
Title
Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability
Summary
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system. This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root. Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller.
CWE
  • CWE-250 - Execution with Unnecessary Privileges
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Application Policy Infrastructure Controller (APIC) Affected: 3.2(8d)
Affected: 2.2(1o)
Affected: 1.2(2h)
Affected: 2.2(2i)
Affected: 1.2(1k)
Affected: 2.2(1k)
Affected: 3.1(2m)
Affected: 3.2(1m)
Affected: 3.2(5e)
Affected: 4.1(2m)
Affected: 3.2(41d)
Affected: 1.1(1o)
Affected: 1.2(1m)
Affected: 1.2(2j)
Affected: 2.2(4r)
Affected: 2.2(3j)
Affected: 1.1(3f)
Affected: 2.2(2f)
Affected: 1.1(4m)
Affected: 2.2(2k)
Affected: 2.1(1i)
Affected: 2.0(1p)
Affected: 3.1(2p)
Affected: 3.2(3s)
Affected: 4.0(3c)
Affected: 1.1(4e)
Affected: 4.1(1k)
Affected: 2.2(4f)
Affected: 2.1(3h)
Affected: 3.2(4d)
Affected: 2.0(1n)
Affected: 2.0(1m)
Affected: 2.0(1r)
Affected: 2.1(2e)
Affected: 4.2(2e)
Affected: 4.2(3j)
Affected: 4.2(3n)
Affected: 2.0(1l)
Affected: 2.2(2e)
Affected: 2.2(3r)
Affected: 3.0(2k)
Affected: 2.1(3g)
Affected: 4.0(1h)
Affected: 2.0(1o)
Affected: 2.2(3p)
Affected: 1.2(3e)
Affected: 2.2(3s)
Affected: 2.0(2g)
Affected: 4.1(1l)
Affected: 3.2(9f)
Affected: 4.2(3l)
Affected: 4.2(2g)
Affected: 1.2(3c)
Affected: 3.2(7k)
Affected: 1.3(2h)
Affected: 3.2(9b)
Affected: 1.3(2k)
Affected: 3.1(2t)
Affected: 1.1(2h)
Affected: 3.2(3j)
Affected: 2.1(2k)
Affected: 2.3(1f)
Affected: 1.2(3h)
Affected: 3.0(1i)
Affected: 4.1(2u)
Affected: 4.2(1l)
Affected: 4.1(1a)
Affected: 4.0(3d)
Affected: 1.1(4l)
Affected: 2.3(1i)
Affected: 3.1(2q)
Affected: 3.2(4e)
Affected: 4.1(1i)
Affected: 3.1(1i)
Affected: 2.0(2m)
Affected: 3.0(2h)
Affected: 2.2(2q)
Affected: 2.3(1l)
Affected: 1.3(1h)
Affected: 3.0(2n)
Affected: 3.2(5f)
Affected: 1.2(1h)
Affected: 3.2(1l)
Affected: 4.2(1i)
Affected: 4.1(2o)
Affected: 1.2(1i)
Affected: 1.3(1j)
Affected: 2.1(1h)
Affected: 2.0(2l)
Affected: 2.0(2h)
Affected: 1.2(2g)
Affected: 3.0(1k)
Affected: 4.2(1g)
Affected: 2.1(2g)
Affected: 2.0(1q)
Affected: 1.1(1j)
Affected: 4.1(2g)
Affected: 1.1(1r)
Affected: 4.2(2f)
Affected: 3.2(6i)
Affected: 1.3(1g)
Affected: 1.3(2j)
Affected: 1.3(2i)
Affected: 2.0(2o)
Affected: 2.2(4q)
Affected: 2.3(1o)
Affected: 3.2(3i)
Affected: 2.2(2j)
Affected: 1.1(1d)
Affected: 2.0(2n)
Affected: 2.2(3t)
Affected: 3.2(3n)
Affected: 1.1(4g)
Affected: 4.1(2x)
Affected: 3.2(5d)
Affected: 3.1(2o)
Affected: 1.2(2i)
Affected: 2.1(2f)
Affected: 1.3(2f)
Affected: 4.2(3q)
Affected: 4.1(1j)
Affected: 2.0(2f)
Affected: 2.3(1e)
Affected: 1.1(1s)
Affected: 3.1(2v)
Affected: 4.1(2w)
Affected: 1.1(4i)
Affected: 3.1(2u)
Affected: 1.1(4f)
Affected: 3.0(2m)
Affected: 2.0(1k)
Affected: 3.2(2o)
Affected: 3.2(3r)
Affected: 1.1(2i)
Affected: 4.0(2c)
Affected: 1.3(1i)
Affected: 4.1(2s)
Affected: 3.2(7f)
Affected: 1.2(3m)
Affected: 3.2(3o)
Affected: 3.1(2s)
Affected: 3.2(2l)
Affected: 4.2(1j)
Affected: 2.3(1p)
Affected: 2.1(4a)
Affected: 1.1(1n)
Affected: 2.2(1n)
Affected: 2.2(4p)
Affected: 2.1(3j)
Affected: 4.2(4i)
Affected: 3.2(9h)
Affected: 5.0(1k)
Affected: 4.2(4k)
Affected: 5.0(1l)
Affected: 5.0(2e)
Affected: 4.2(4o)
Affected: 4.2(4p)
Affected: 5.0(2h)
Affected: 4.2(5k)
Affected: 4.2(5l)
Affected: 4.2(5n)
Affected: 5.1(1h)
Affected: 4.2(6d)
Affected: 5.1(2e)
Affected: 4.2(6g)
Affected: 4.2(6h)
Affected: 5.1(3e)
Affected: 3.2(10e)
Affected: 4.2(6l)
Affected: 4.2(7f)
Affected: 5.1(4c)
Affected: 4.2(6o)
Affected: 5.2(1g)
Affected: 5.2(2e)
Affected: 4.2(7l)
Affected: 3.2(10f)
Affected: 5.2(2f)
Affected: 5.2(2g)
Affected: 4.2(7q)
Affected: 5.2(2h)
Affected: 5.2(3f)
Affected: 5.2(3e)
Affected: 5.2(3g)
Affected: 4.2(7r)
Affected: 4.2(7s)
Affected: 5.2(4d)
Affected: 5.2(4e)
Affected: 4.2(7t)
Affected: 5.2(5d)
Affected: 3.2(10g)
Affected: 5.2(5c)
Affected: 6.0(1g)
Affected: 4.2(7u)
Affected: 5.2(5e)
Affected: 5.2(4f)
Affected: 5.2(6e)
Affected: 6.0(1j)
Affected: 5.2(6g)
Affected: 5.2(7f)
Affected: 4.2(7v)
Affected: 5.2(7g)
Affected: 6.0(2h)
Affected: 4.2(7w)
Affected: 5.2(6h)
Affected: 5.2(4h)
Affected: 5.2(8d)
Affected: 6.0(2j)
Affected: 5.2(8e)
Affected: 6.0(3d)
Affected: 6.0(3e)
Affected: 5.2(8f)
Affected: 5.2(8g)
Affected: 5.3(1d)
Affected: 5.2(8h)
Affected: 6.0(4c)
Affected: 5.3(2a)
Affected: 5.2(8i)
Affected: 6.0(5h)
Affected: 5.3(2b)
Affected: 6.0(3g)
Affected: 6.0(5j)
Affected: 5.3(2c)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(8d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1o\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2m\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1m\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2m\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(41d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1o\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1m\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4r\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(3f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4m\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(1i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1p\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2p\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3s\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3c\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1n\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1m\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1r\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3n\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3r\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(1h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1o\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3p\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3s\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3c\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9b\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2t\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(2h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(1i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2u\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(3d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2q\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(4e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(1i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2m\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2q\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2n\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(1l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2o\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(1i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(1h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(1k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1q\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1r\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(2f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(6i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2o\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4q\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1o\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(2j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2n\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(3t\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3n\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2x\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(5d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2o\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(2i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(2f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(2f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(3q\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(1j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(2f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1s\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2v\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2w\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2u\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(4f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.0\\(2m\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\(1k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2o\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3r\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(2i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.0\\(2c\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\(1i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.1\\(2s\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(7f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\(3m\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(3o\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.1\\(2s\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(2l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(1j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.3\\(1p\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(4a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\(1n\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(1n\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.2\\(4p\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.1\\(3j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(9h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(1l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4o\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(4p\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.0\\(2h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(5n\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(1h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(2e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(3e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.1\\(4c\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(6o\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(1g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7q\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(2h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(3g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7r\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7s\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7t\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:3.2\\(10g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5c\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7u\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(5e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(1j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7v\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(7g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:4.2\\(7w\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(6h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(4h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(2j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(1d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(4c\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.2\\(8i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2b\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(3g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:6.0\\(5j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:application_policy_infrastructure_controller:5.3\\(2c\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "application_policy_infrastructure_controller",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "3.2\\(8d\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(1o\\)"
              },
              {
                "status": "affected",
                "version": "1.2\\(2h\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(2i\\)"
              },
              {
                "status": "affected",
                "version": "1.2\\(1k\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(1k\\)"
              },
              {
                "status": "affected",
                "version": "3.1\\(2m\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(1m\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(5e\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(2m\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(41d\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(1o\\)"
              },
              {
                "status": "affected",
                "version": "1.2\\(1m\\)"
              },
              {
                "status": "affected",
                "version": "1.2\\(2j\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(4r\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(3j\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(3f\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(2f\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(4m\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(2k\\)"
              },
              {
                "status": "affected",
                "version": "2.1\\(1i\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(1p\\)"
              },
              {
                "status": "affected",
                "version": "3.1\\(2p\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3s\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(3c\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(4e\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1k\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(4f\\)"
              },
              {
                "status": "affected",
                "version": "2.1\\(3h\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(4d\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(1n\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(1m\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(1r\\)"
              },
              {
                "status": "affected",
                "version": "2.1\\(2e\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(2e\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(3j\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(3n\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(1l\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(2e\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(3r\\)"
              },
              {
                "status": "affected",
                "version": "3.0\\(2k\\)"
              },
              {
                "status": "affected",
                "version": "2.1\\(3g\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(1h\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(1o\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(3p\\)"
              },
              {
                "status": "affected",
                "version": "1.2\\(3e\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(3s\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(2g\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1l\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(9f\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(3l\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(2g\\)"
              },
              {
                "status": "affected",
                "version": "1.2\\(3c\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(7k\\)"
              },
              {
                "status": "affected",
                "version": "1.3\\(2h\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(9b\\)"
              },
              {
                "status": "affected",
                "version": "1.3\\(2k\\)"
              },
              {
                "status": "affected",
                "version": "3.1\\(2t\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(2h\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3j\\)"
              },
              {
                "status": "affected",
                "version": "2.1\\(2k\\)"
              },
              {
                "status": "affected",
                "version": "2.3\\(1f\\)"
              },
              {
                "status": "affected",
                "version": "1.2\\(3h\\)"
              },
              {
                "status": "affected",
                "version": "3.0\\(1i\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(2u\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(1l\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1a\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(3d\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(4l\\)"
              },
              {
                "status": "affected",
                "version": "2.3\\(1i\\)"
              },
              {
                "status": "affected",
                "version": "3.1\\(2q\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(4e\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1i\\)"
              },
              {
                "status": "affected",
                "version": "3.1\\(1i\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(2m\\)"
              },
              {
                "status": "affected",
                "version": "3.0\\(2h\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(2q\\)"
              },
              {
                "status": "affected",
                "version": "2.3\\(1l\\)"
              },
              {
                "status": "affected",
                "version": "1.3\\(1h\\)"
              },
              {
                "status": "affected",
                "version": "3.0\\(2n\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(5f\\)"
              },
              {
                "status": "affected",
                "version": "1.2\\(1h\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(1l\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(1i\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(2o\\)"
              },
              {
                "status": "affected",
                "version": "1.2\\(1i\\)"
              },
              {
                "status": "affected",
                "version": "1.3\\(1j\\)"
              },
              {
                "status": "affected",
                "version": "2.1\\(1h\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(2l\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(2h\\)"
              },
              {
                "status": "affected",
                "version": "1.2\\(2g\\)"
              },
              {
                "status": "affected",
                "version": "3.0\\(1k\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(1g\\)"
              },
              {
                "status": "affected",
                "version": "2.1\\(2g\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(1q\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(1j\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(2g\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(1r\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(2f\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(6i\\)"
              },
              {
                "status": "affected",
                "version": "1.3\\(1g\\)"
              },
              {
                "status": "affected",
                "version": "1.3\\(2j\\)"
              },
              {
                "status": "affected",
                "version": "1.3\\(2i\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(2o\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(4q\\)"
              },
              {
                "status": "affected",
                "version": "2.3\\(1o\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3i\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(2j\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(1d\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(2n\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(3t\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3n\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(4g\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(2x\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(5d\\)"
              },
              {
                "status": "affected",
                "version": "3.1\\(2o\\)"
              },
              {
                "status": "affected",
                "version": "1.2\\(2i\\)"
              },
              {
                "status": "affected",
                "version": "2.1\\(2f\\)"
              },
              {
                "status": "affected",
                "version": "1.3\\(2f\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(3q\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1j\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(2f\\)"
              },
              {
                "status": "affected",
                "version": "2.3\\(1e\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(1s\\)"
              },
              {
                "status": "affected",
                "version": "3.1\\(2v\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(2w\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(4i\\)"
              },
              {
                "status": "affected",
                "version": "3.1\\(2u\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(4f\\)"
              },
              {
                "status": "affected",
                "version": "3.0\\(2m\\)"
              },
              {
                "status": "affected",
                "version": "2.0\\(1k\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(2o\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3r\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(2i\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(2c\\)"
              },
              {
                "status": "affected",
                "version": "1.3\\(1i\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(2s\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(7f\\)"
              },
              {
                "status": "affected",
                "version": "1.2\\(3m\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3o\\)"
              },
              {
                "status": "affected",
                "version": "3.1\\(2s\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(2l\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(1j\\)"
              },
              {
                "status": "affected",
                "version": "2.3\\(1p\\)"
              },
              {
                "status": "affected",
                "version": "2.1\\(4a\\)"
              },
              {
                "status": "affected",
                "version": "1.1\\(1n\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(1n\\)"
              },
              {
                "status": "affected",
                "version": "2.2\\(4p\\)"
              },
              {
                "status": "affected",
                "version": "2.1\\(3j\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(4i\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(9h\\)"
              },
              {
                "status": "affected",
                "version": "5.0\\(1k\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(4k\\)"
              },
              {
                "status": "affected",
                "version": "5.0\\(1l\\)"
              },
              {
                "status": "affected",
                "version": "5.0\\(2e\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(4o\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(4p\\)"
              },
              {
                "status": "affected",
                "version": "5.0\\(2h\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(5k\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(5l\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(5n\\)"
              },
              {
                "status": "affected",
                "version": "5.1\\(1h\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(6d\\)"
              },
              {
                "status": "affected",
                "version": "5.1\\(2e\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(6g\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(6h\\)"
              },
              {
                "status": "affected",
                "version": "5.1\\(3e\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(10e\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(6l\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(7f\\)"
              },
              {
                "status": "affected",
                "version": "5.1\\(4c\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(6o\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(1g\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(2e\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(7l\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(10f\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(2f\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(2g\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(7q\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(2h\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(3f\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(3e\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(3g\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(7r\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(7s\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(4d\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(4e\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(7t\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(5d\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(10g\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(5c\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(1g\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(7u\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(5e\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(4f\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(6e\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(1j\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(6g\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(7f\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(7v\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(7g\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2h\\)"
              },
              {
                "status": "affected",
                "version": "4.2\\(7w\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(6h\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(4h\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(8d\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(2j\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(8e\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(3d\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(3e\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(8f\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(8g\\)"
              },
              {
                "status": "affected",
                "version": "5.3\\(1d\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(8h\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(4c\\)"
              },
              {
                "status": "affected",
                "version": "5.3\\(2a\\)"
              },
              {
                "status": "affected",
                "version": "5.2\\(8i\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(5h\\)"
              },
              {
                "status": "affected",
                "version": "5.3\\(2b\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(3g\\)"
              },
              {
                "status": "affected",
                "version": "6.0\\(5j\\)"
              },
              {
                "status": "affected",
                "version": "5.3\\(2c\\)"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20478",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T03:56:06.255702Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-06T14:11:08.951Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Application Policy Infrastructure Controller (APIC)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.2(8d)"
            },
            {
              "status": "affected",
              "version": "2.2(1o)"
            },
            {
              "status": "affected",
              "version": "1.2(2h)"
            },
            {
              "status": "affected",
              "version": "2.2(2i)"
            },
            {
              "status": "affected",
              "version": "1.2(1k)"
            },
            {
              "status": "affected",
              "version": "2.2(1k)"
            },
            {
              "status": "affected",
              "version": "3.1(2m)"
            },
            {
              "status": "affected",
              "version": "3.2(1m)"
            },
            {
              "status": "affected",
              "version": "3.2(5e)"
            },
            {
              "status": "affected",
              "version": "4.1(2m)"
            },
            {
              "status": "affected",
              "version": "3.2(41d)"
            },
            {
              "status": "affected",
              "version": "1.1(1o)"
            },
            {
              "status": "affected",
              "version": "1.2(1m)"
            },
            {
              "status": "affected",
              "version": "1.2(2j)"
            },
            {
              "status": "affected",
              "version": "2.2(4r)"
            },
            {
              "status": "affected",
              "version": "2.2(3j)"
            },
            {
              "status": "affected",
              "version": "1.1(3f)"
            },
            {
              "status": "affected",
              "version": "2.2(2f)"
            },
            {
              "status": "affected",
              "version": "1.1(4m)"
            },
            {
              "status": "affected",
              "version": "2.2(2k)"
            },
            {
              "status": "affected",
              "version": "2.1(1i)"
            },
            {
              "status": "affected",
              "version": "2.0(1p)"
            },
            {
              "status": "affected",
              "version": "3.1(2p)"
            },
            {
              "status": "affected",
              "version": "3.2(3s)"
            },
            {
              "status": "affected",
              "version": "4.0(3c)"
            },
            {
              "status": "affected",
              "version": "1.1(4e)"
            },
            {
              "status": "affected",
              "version": "4.1(1k)"
            },
            {
              "status": "affected",
              "version": "2.2(4f)"
            },
            {
              "status": "affected",
              "version": "2.1(3h)"
            },
            {
              "status": "affected",
              "version": "3.2(4d)"
            },
            {
              "status": "affected",
              "version": "2.0(1n)"
            },
            {
              "status": "affected",
              "version": "2.0(1m)"
            },
            {
              "status": "affected",
              "version": "2.0(1r)"
            },
            {
              "status": "affected",
              "version": "2.1(2e)"
            },
            {
              "status": "affected",
              "version": "4.2(2e)"
            },
            {
              "status": "affected",
              "version": "4.2(3j)"
            },
            {
              "status": "affected",
              "version": "4.2(3n)"
            },
            {
              "status": "affected",
              "version": "2.0(1l)"
            },
            {
              "status": "affected",
              "version": "2.2(2e)"
            },
            {
              "status": "affected",
              "version": "2.2(3r)"
            },
            {
              "status": "affected",
              "version": "3.0(2k)"
            },
            {
              "status": "affected",
              "version": "2.1(3g)"
            },
            {
              "status": "affected",
              "version": "4.0(1h)"
            },
            {
              "status": "affected",
              "version": "2.0(1o)"
            },
            {
              "status": "affected",
              "version": "2.2(3p)"
            },
            {
              "status": "affected",
              "version": "1.2(3e)"
            },
            {
              "status": "affected",
              "version": "2.2(3s)"
            },
            {
              "status": "affected",
              "version": "2.0(2g)"
            },
            {
              "status": "affected",
              "version": "4.1(1l)"
            },
            {
              "status": "affected",
              "version": "3.2(9f)"
            },
            {
              "status": "affected",
              "version": "4.2(3l)"
            },
            {
              "status": "affected",
              "version": "4.2(2g)"
            },
            {
              "status": "affected",
              "version": "1.2(3c)"
            },
            {
              "status": "affected",
              "version": "3.2(7k)"
            },
            {
              "status": "affected",
              "version": "1.3(2h)"
            },
            {
              "status": "affected",
              "version": "3.2(9b)"
            },
            {
              "status": "affected",
              "version": "1.3(2k)"
            },
            {
              "status": "affected",
              "version": "3.1(2t)"
            },
            {
              "status": "affected",
              "version": "1.1(2h)"
            },
            {
              "status": "affected",
              "version": "3.2(3j)"
            },
            {
              "status": "affected",
              "version": "2.1(2k)"
            },
            {
              "status": "affected",
              "version": "2.3(1f)"
            },
            {
              "status": "affected",
              "version": "1.2(3h)"
            },
            {
              "status": "affected",
              "version": "3.0(1i)"
            },
            {
              "status": "affected",
              "version": "4.1(2u)"
            },
            {
              "status": "affected",
              "version": "4.2(1l)"
            },
            {
              "status": "affected",
              "version": "4.1(1a)"
            },
            {
              "status": "affected",
              "version": "4.0(3d)"
            },
            {
              "status": "affected",
              "version": "1.1(4l)"
            },
            {
              "status": "affected",
              "version": "2.3(1i)"
            },
            {
              "status": "affected",
              "version": "3.1(2q)"
            },
            {
              "status": "affected",
              "version": "3.2(4e)"
            },
            {
              "status": "affected",
              "version": "4.1(1i)"
            },
            {
              "status": "affected",
              "version": "3.1(1i)"
            },
            {
              "status": "affected",
              "version": "2.0(2m)"
            },
            {
              "status": "affected",
              "version": "3.0(2h)"
            },
            {
              "status": "affected",
              "version": "2.2(2q)"
            },
            {
              "status": "affected",
              "version": "2.3(1l)"
            },
            {
              "status": "affected",
              "version": "1.3(1h)"
            },
            {
              "status": "affected",
              "version": "3.0(2n)"
            },
            {
              "status": "affected",
              "version": "3.2(5f)"
            },
            {
              "status": "affected",
              "version": "1.2(1h)"
            },
            {
              "status": "affected",
              "version": "3.2(1l)"
            },
            {
              "status": "affected",
              "version": "4.2(1i)"
            },
            {
              "status": "affected",
              "version": "4.1(2o)"
            },
            {
              "status": "affected",
              "version": "1.2(1i)"
            },
            {
              "status": "affected",
              "version": "1.3(1j)"
            },
            {
              "status": "affected",
              "version": "2.1(1h)"
            },
            {
              "status": "affected",
              "version": "2.0(2l)"
            },
            {
              "status": "affected",
              "version": "2.0(2h)"
            },
            {
              "status": "affected",
              "version": "1.2(2g)"
            },
            {
              "status": "affected",
              "version": "3.0(1k)"
            },
            {
              "status": "affected",
              "version": "4.2(1g)"
            },
            {
              "status": "affected",
              "version": "2.1(2g)"
            },
            {
              "status": "affected",
              "version": "2.0(1q)"
            },
            {
              "status": "affected",
              "version": "1.1(1j)"
            },
            {
              "status": "affected",
              "version": "4.1(2g)"
            },
            {
              "status": "affected",
              "version": "1.1(1r)"
            },
            {
              "status": "affected",
              "version": "4.2(2f)"
            },
            {
              "status": "affected",
              "version": "3.2(6i)"
            },
            {
              "status": "affected",
              "version": "1.3(1g)"
            },
            {
              "status": "affected",
              "version": "1.3(2j)"
            },
            {
              "status": "affected",
              "version": "1.3(2i)"
            },
            {
              "status": "affected",
              "version": "2.0(2o)"
            },
            {
              "status": "affected",
              "version": "2.2(4q)"
            },
            {
              "status": "affected",
              "version": "2.3(1o)"
            },
            {
              "status": "affected",
              "version": "3.2(3i)"
            },
            {
              "status": "affected",
              "version": "2.2(2j)"
            },
            {
              "status": "affected",
              "version": "1.1(1d)"
            },
            {
              "status": "affected",
              "version": "2.0(2n)"
            },
            {
              "status": "affected",
              "version": "2.2(3t)"
            },
            {
              "status": "affected",
              "version": "3.2(3n)"
            },
            {
              "status": "affected",
              "version": "1.1(4g)"
            },
            {
              "status": "affected",
              "version": "4.1(2x)"
            },
            {
              "status": "affected",
              "version": "3.2(5d)"
            },
            {
              "status": "affected",
              "version": "3.1(2o)"
            },
            {
              "status": "affected",
              "version": "1.2(2i)"
            },
            {
              "status": "affected",
              "version": "2.1(2f)"
            },
            {
              "status": "affected",
              "version": "1.3(2f)"
            },
            {
              "status": "affected",
              "version": "4.2(3q)"
            },
            {
              "status": "affected",
              "version": "4.1(1j)"
            },
            {
              "status": "affected",
              "version": "2.0(2f)"
            },
            {
              "status": "affected",
              "version": "2.3(1e)"
            },
            {
              "status": "affected",
              "version": "1.1(1s)"
            },
            {
              "status": "affected",
              "version": "3.1(2v)"
            },
            {
              "status": "affected",
              "version": "4.1(2w)"
            },
            {
              "status": "affected",
              "version": "1.1(4i)"
            },
            {
              "status": "affected",
              "version": "3.1(2u)"
            },
            {
              "status": "affected",
              "version": "1.1(4f)"
            },
            {
              "status": "affected",
              "version": "3.0(2m)"
            },
            {
              "status": "affected",
              "version": "2.0(1k)"
            },
            {
              "status": "affected",
              "version": "3.2(2o)"
            },
            {
              "status": "affected",
              "version": "3.2(3r)"
            },
            {
              "status": "affected",
              "version": "1.1(2i)"
            },
            {
              "status": "affected",
              "version": "4.0(2c)"
            },
            {
              "status": "affected",
              "version": "1.3(1i)"
            },
            {
              "status": "affected",
              "version": "4.1(2s)"
            },
            {
              "status": "affected",
              "version": "3.2(7f)"
            },
            {
              "status": "affected",
              "version": "1.2(3m)"
            },
            {
              "status": "affected",
              "version": "3.2(3o)"
            },
            {
              "status": "affected",
              "version": "3.1(2s)"
            },
            {
              "status": "affected",
              "version": "3.2(2l)"
            },
            {
              "status": "affected",
              "version": "4.2(1j)"
            },
            {
              "status": "affected",
              "version": "2.3(1p)"
            },
            {
              "status": "affected",
              "version": "2.1(4a)"
            },
            {
              "status": "affected",
              "version": "1.1(1n)"
            },
            {
              "status": "affected",
              "version": "2.2(1n)"
            },
            {
              "status": "affected",
              "version": "2.2(4p)"
            },
            {
              "status": "affected",
              "version": "2.1(3j)"
            },
            {
              "status": "affected",
              "version": "4.2(4i)"
            },
            {
              "status": "affected",
              "version": "3.2(9h)"
            },
            {
              "status": "affected",
              "version": "5.0(1k)"
            },
            {
              "status": "affected",
              "version": "4.2(4k)"
            },
            {
              "status": "affected",
              "version": "5.0(1l)"
            },
            {
              "status": "affected",
              "version": "5.0(2e)"
            },
            {
              "status": "affected",
              "version": "4.2(4o)"
            },
            {
              "status": "affected",
              "version": "4.2(4p)"
            },
            {
              "status": "affected",
              "version": "5.0(2h)"
            },
            {
              "status": "affected",
              "version": "4.2(5k)"
            },
            {
              "status": "affected",
              "version": "4.2(5l)"
            },
            {
              "status": "affected",
              "version": "4.2(5n)"
            },
            {
              "status": "affected",
              "version": "5.1(1h)"
            },
            {
              "status": "affected",
              "version": "4.2(6d)"
            },
            {
              "status": "affected",
              "version": "5.1(2e)"
            },
            {
              "status": "affected",
              "version": "4.2(6g)"
            },
            {
              "status": "affected",
              "version": "4.2(6h)"
            },
            {
              "status": "affected",
              "version": "5.1(3e)"
            },
            {
              "status": "affected",
              "version": "3.2(10e)"
            },
            {
              "status": "affected",
              "version": "4.2(6l)"
            },
            {
              "status": "affected",
              "version": "4.2(7f)"
            },
            {
              "status": "affected",
              "version": "5.1(4c)"
            },
            {
              "status": "affected",
              "version": "4.2(6o)"
            },
            {
              "status": "affected",
              "version": "5.2(1g)"
            },
            {
              "status": "affected",
              "version": "5.2(2e)"
            },
            {
              "status": "affected",
              "version": "4.2(7l)"
            },
            {
              "status": "affected",
              "version": "3.2(10f)"
            },
            {
              "status": "affected",
              "version": "5.2(2f)"
            },
            {
              "status": "affected",
              "version": "5.2(2g)"
            },
            {
              "status": "affected",
              "version": "4.2(7q)"
            },
            {
              "status": "affected",
              "version": "5.2(2h)"
            },
            {
              "status": "affected",
              "version": "5.2(3f)"
            },
            {
              "status": "affected",
              "version": "5.2(3e)"
            },
            {
              "status": "affected",
              "version": "5.2(3g)"
            },
            {
              "status": "affected",
              "version": "4.2(7r)"
            },
            {
              "status": "affected",
              "version": "4.2(7s)"
            },
            {
              "status": "affected",
              "version": "5.2(4d)"
            },
            {
              "status": "affected",
              "version": "5.2(4e)"
            },
            {
              "status": "affected",
              "version": "4.2(7t)"
            },
            {
              "status": "affected",
              "version": "5.2(5d)"
            },
            {
              "status": "affected",
              "version": "3.2(10g)"
            },
            {
              "status": "affected",
              "version": "5.2(5c)"
            },
            {
              "status": "affected",
              "version": "6.0(1g)"
            },
            {
              "status": "affected",
              "version": "4.2(7u)"
            },
            {
              "status": "affected",
              "version": "5.2(5e)"
            },
            {
              "status": "affected",
              "version": "5.2(4f)"
            },
            {
              "status": "affected",
              "version": "5.2(6e)"
            },
            {
              "status": "affected",
              "version": "6.0(1j)"
            },
            {
              "status": "affected",
              "version": "5.2(6g)"
            },
            {
              "status": "affected",
              "version": "5.2(7f)"
            },
            {
              "status": "affected",
              "version": "4.2(7v)"
            },
            {
              "status": "affected",
              "version": "5.2(7g)"
            },
            {
              "status": "affected",
              "version": "6.0(2h)"
            },
            {
              "status": "affected",
              "version": "4.2(7w)"
            },
            {
              "status": "affected",
              "version": "5.2(6h)"
            },
            {
              "status": "affected",
              "version": "5.2(4h)"
            },
            {
              "status": "affected",
              "version": "5.2(8d)"
            },
            {
              "status": "affected",
              "version": "6.0(2j)"
            },
            {
              "status": "affected",
              "version": "5.2(8e)"
            },
            {
              "status": "affected",
              "version": "6.0(3d)"
            },
            {
              "status": "affected",
              "version": "6.0(3e)"
            },
            {
              "status": "affected",
              "version": "5.2(8f)"
            },
            {
              "status": "affected",
              "version": "5.2(8g)"
            },
            {
              "status": "affected",
              "version": "5.3(1d)"
            },
            {
              "status": "affected",
              "version": "5.2(8h)"
            },
            {
              "status": "affected",
              "version": "6.0(4c)"
            },
            {
              "status": "affected",
              "version": "5.3(2a)"
            },
            {
              "status": "affected",
              "version": "5.2(8i)"
            },
            {
              "status": "affected",
              "version": "6.0(5h)"
            },
            {
              "status": "affected",
              "version": "5.3(2b)"
            },
            {
              "status": "affected",
              "version": "6.0(3g)"
            },
            {
              "status": "affected",
              "version": "6.0(5j)"
            },
            {
              "status": "affected",
              "version": "5.3(2c)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco\u0026nbsp;Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system.\r\n\r\nThis vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root.\r\nNote: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-28T16:30:07.175Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-capic-priv-esc-uYQJjnuU",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-priv-esc-uYQJjnuU"
        }
      ],
      "source": {
        "advisory": "cisco-sa-capic-priv-esc-uYQJjnuU",
        "defects": [
          "CSCwj32072"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20478",
    "datePublished": "2024-08-28T16:30:07.175Z",
    "dateReserved": "2023-11-08T15:08:07.682Z",
    "dateUpdated": "2024-09-06T14:11:08.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-21924 (GCVE-0-2024-21924)

Vulnerability from cvelistv5 – Published: 2025-02-11 20:18 – Updated: 2025-02-11 20:52
Summary
SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.
CWE
  • CWE-250 - Execution with Unnecessary Privileges
Assigner
AMD
Date Public
2025-02-11 17:00

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21924",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T20:52:10.826130Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T20:52:32.535Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "AMD EPYC\u2122 7002 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Rome PI 1.0.0.K"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000WX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "CastlePeakWSPI-sWRX8 1.0.0.E"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000WX- Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ChagallWSPI-sWRX8 1.0.0.9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StormPeakPI-SP6  1.1.0.0h"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "StormPeakPI-SP6  1.0.0.1j"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AMD EPYC\u2122 Embedded 7002 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "EmbRomePI-SP3 1.0.0.D"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution."
            }
          ],
          "value": "SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250 Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T20:18:50.402Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7028.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2024-21924",
    "datePublished": "2025-02-11T20:18:50.402Z",
    "dateReserved": "2024-01-03T16:43:09.232Z",
    "dateUpdated": "2025-02-11T20:52:32.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation ID: MIT-17

Phases: Architecture and Design, Operation

Strategy: Environment Hardening

Description:

  • Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

Mitigation ID: MIT-18

Phase: Architecture and Design

Strategy: Separation of Privilege

Description:

  • Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.

Mitigation ID: MIT-18

Phase: Architecture and Design

Strategy: Attack Surface Reduction

Description:

  • Identify the functionality that requires additional privileges, such as access to privileged operating system resources. Wrap and centralize this functionality if possible, and isolate the privileged code as much as possible from other code [REF-76]. Raise privileges as late as possible, and drop them as soon as possible to avoid CWE-271. Avoid weaknesses such as CWE-288 and CWE-420 by protecting all possible communication channels that could interact with the privileged code, such as a secondary socket that is only intended to be accessed by administrators.

Mitigation

Phase: Implementation

Description:

  • Perform extensive input validation for any privileged code that must be exposed to the user and reject anything that does not fit your strict requirements.

Mitigation ID: MIT-19

Phase: Implementation

Description:

  • When dropping privileges, ensure that they have been dropped successfully to avoid CWE-273. As protection mechanisms in the environment get stronger, privilege-dropping calls may fail even if it seems like they would always succeed.

Mitigation

Phase: Implementation

Description:

  • If circumstances force you to run with extra privileges, then determine the minimum access level necessary. First identify the different permissions that the software and its users will need to perform their actions, such as file read and write permissions, network socket permissions, and so forth. Then explicitly allow those actions while denying all else [REF-76]. Perform extensive input validation and canonicalization to minimize the chances of introducing a separate vulnerability. This mitigation is much more prone to error than dropping the privileges in the first place.

Mitigation ID: MIT-37

Phases: Operation, System Configuration

Strategy: Environment Hardening

Description:

  • Ensure that the software runs properly under the United States Government Configuration Baseline (USGCB) [REF-199] or an equivalent hardening configuration guide, which many organizations use to limit the attack surface and potential risk of deployed software.

CAPEC-104: Cross Zone Scripting

An attacker is able to cause a victim to load content into their web browser that bypasses security zone controls and gains access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web browser security.

CAPEC-470: Expanding Control over the Operating System from the Database

An attacker is able to leverage access gained to the database to read and write data on the file system, compromise the operating system, create a tunnel for accessing the host machine, and use this access to potentially attack other machines on the same network as the database machine. Traditionally, SQL injection attacks are viewed as a way to gain unauthorized read access to the data stored in the database, modify the data in the database, delete the data, etc. However, almost every database management system (DBMS) includes facilities that, if compromised, allow an attacker complete access to the file system, operating system, and the host running the database. The attacker can then use this privileged access to launch subsequent attacks. These facilities include dropping into a command shell, creating user-defined functions that can call system-level libraries present on the host machine, stored procedures, etc.

CAPEC-69: Target Programs with Elevated Privileges

This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.
