Action not permitted
Modal body text goes here.
Modal Title
Modal Body
BDU:2024-06599
Vulnerability from fstec - Published: 28.08.2024
VLAI Severity ?
Title
Уязвимость средства управления информационной инфраструктурой Cisco Application Policy Infrastructure Controller, позволяющая нарушителю изменить произвольные политики безопасности
Description
Уязвимость средства управления информационной инфраструктурой Cisco Application Policy Infrastructure Controller связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, изменить произвольные политики безопасности
Severity ?
Vendor
Cisco Systems Inc.
Software Name
Cisco APIC
Software Version
до 5.3(2c) (Cisco APIC), от 6.0 до 6.0(6c) (Cisco APIC)
Possible Mitigations
Обновление программного обеспечения:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-cousmo-uBpBYGbq
Reference
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-cousmo-uBpBYGbq
CWE
CWE-284
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 5.3(2c) (Cisco APIC), \u043e\u0442 6.0 \u0434\u043e 6.0(6c) (Cisco APIC)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-cousmo-uBpBYGbq",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.08.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "02.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.09.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-06599",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-20279",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco APIC",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439 Cisco Application Policy Infrastructure Controller, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043e\u0439 Cisco Application Policy Infrastructure Controller \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-cousmo-uBpBYGbq",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}
CVE-2024-20279 (GCVE-0-2024-20279)
Vulnerability from cvelistv5 – Published: 2024-08-28 16:19 – Updated: 2024-08-28 17:54
VLAI?
EPSS
Title
Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability
Summary
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.
Severity ?
4.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Application Policy Infrastructure Controller (APIC) |
Affected:
3.2(8d)
Affected: 2.2(1o) Affected: 1.2(2h) Affected: 2.2(2i) Affected: 1.2(1k) Affected: 2.2(1k) Affected: 3.1(2m) Affected: 3.2(1m) Affected: 3.2(5e) Affected: 4.1(2m) Affected: 3.2(41d) Affected: 1.1(1o) Affected: 1.2(1m) Affected: 1.2(2j) Affected: 2.2(4r) Affected: 2.2(3j) Affected: 1.1(3f) Affected: 2.2(2f) Affected: 1.1(4m) Affected: 2.2(2k) Affected: 2.1(1i) Affected: 2.0(1p) Affected: 3.1(2p) Affected: 3.2(3s) Affected: 4.0(3c) Affected: 1.1(4e) Affected: 4.1(1k) Affected: 2.2(4f) Affected: 2.1(3h) Affected: 3.2(4d) Affected: 2.0(1n) Affected: 2.0(1m) Affected: 2.0(1r) Affected: 2.1(2e) Affected: 4.2(2e) Affected: 4.2(3j) Affected: 4.2(3n) Affected: 2.0(1l) Affected: 2.2(2e) Affected: 2.2(3r) Affected: 3.0(2k) Affected: 2.1(3g) Affected: 4.0(1h) Affected: 2.0(1o) Affected: 2.2(3p) Affected: 1.2(3e) Affected: 2.2(3s) Affected: 2.0(2g) Affected: 4.1(1l) Affected: 3.2(9f) Affected: 4.2(3l) Affected: 4.2(2g) Affected: 1.2(3c) Affected: 3.2(7k) Affected: 1.3(2h) Affected: 3.2(9b) Affected: 1.3(2k) Affected: 3.1(2t) Affected: 1.1(2h) Affected: 3.2(3j) Affected: 2.1(2k) Affected: 2.3(1f) Affected: 1.2(3h) Affected: 3.0(1i) Affected: 4.1(2u) Affected: 4.2(1l) Affected: 4.1(1a) Affected: 4.0(3d) Affected: 1.1(4l) Affected: 2.3(1i) Affected: 3.1(2q) Affected: 3.2(4e) Affected: 4.1(1i) Affected: 3.1(1i) Affected: 2.0(2m) Affected: 3.0(2h) Affected: 2.2(2q) Affected: 2.3(1l) Affected: 1.3(1h) Affected: 3.0(2n) Affected: 3.2(5f) Affected: 1.2(1h) Affected: 3.2(1l) Affected: 4.2(1i) Affected: 4.1(2o) Affected: 1.2(1i) Affected: 1.3(1j) Affected: 2.1(1h) Affected: 2.0(2l) Affected: 2.0(2h) Affected: 1.2(2g) Affected: 3.0(1k) Affected: 4.2(1g) Affected: 2.1(2g) Affected: 2.0(1q) Affected: 1.1(1j) Affected: 4.1(2g) Affected: 1.1(1r) Affected: 4.2(2f) Affected: 3.2(6i) Affected: 1.3(1g) Affected: 1.3(2j) Affected: 1.3(2i) Affected: 2.0(2o) Affected: 2.2(4q) Affected: 2.3(1o) Affected: 3.2(3i) Affected: 2.2(2j) Affected: 1.1(1d) Affected: 2.0(2n) Affected: 2.2(3t) Affected: 3.2(3n) Affected: 1.1(4g) Affected: 4.1(2x) Affected: 3.2(5d) Affected: 3.1(2o) Affected: 1.2(2i) Affected: 2.1(2f) Affected: 1.3(2f) Affected: 4.2(3q) Affected: 4.1(1j) Affected: 2.0(2f) Affected: 2.3(1e) Affected: 1.1(1s) Affected: 3.1(2v) Affected: 4.1(2w) Affected: 1.1(4i) Affected: 3.1(2u) Affected: 1.1(4f) Affected: 3.0(2m) Affected: 2.0(1k) Affected: 3.2(2o) Affected: 3.2(3r) Affected: 1.1(2i) Affected: 4.0(2c) Affected: 1.3(1i) Affected: 4.1(2s) Affected: 3.2(7f) Affected: 1.2(3m) Affected: 3.2(3o) Affected: 3.1(2s) Affected: 3.2(2l) Affected: 4.2(1j) Affected: 2.3(1p) Affected: 2.1(4a) Affected: 1.1(1n) Affected: 2.2(1n) Affected: 2.2(4p) Affected: 2.1(3j) Affected: 4.2(4i) Affected: 3.2(9h) Affected: 5.0(1k) Affected: 4.2(4k) Affected: 5.0(1l) Affected: 5.0(2e) Affected: 4.2(4o) Affected: 4.2(4p) Affected: 5.0(2h) Affected: 4.2(5k) Affected: 4.2(5l) Affected: 4.2(5n) Affected: 5.1(1h) Affected: 4.2(6d) Affected: 5.1(2e) Affected: 4.2(6g) Affected: 4.2(6h) Affected: 5.1(3e) Affected: 3.2(10e) Affected: 4.2(6l) Affected: 4.2(7f) Affected: 5.1(4c) Affected: 4.2(6o) Affected: 5.2(1g) Affected: 5.2(2e) Affected: 4.2(7l) Affected: 3.2(10f) Affected: 5.2(2f) Affected: 5.2(2g) Affected: 4.2(7q) Affected: 5.2(2h) Affected: 5.2(3f) Affected: 5.2(3e) Affected: 5.2(3g) Affected: 4.2(7r) Affected: 4.2(7s) Affected: 5.2(4d) Affected: 5.2(4e) Affected: 4.2(7t) Affected: 5.2(5d) Affected: 3.2(10g) Affected: 5.2(5c) Affected: 6.0(1g) Affected: 4.2(7u) Affected: 5.2(5e) Affected: 5.2(4f) Affected: 5.2(6e) Affected: 6.0(1j) Affected: 5.2(6g) Affected: 5.2(7f) Affected: 4.2(7v) Affected: 5.2(7g) Affected: 6.0(2h) Affected: 4.2(7w) Affected: 5.2(6h) Affected: 5.2(4h) Affected: 5.2(8d) Affected: 6.0(2j) Affected: 5.2(8e) Affected: 6.0(3d) Affected: 6.0(3e) Affected: 5.2(8f) Affected: 5.2(8g) Affected: 5.3(1d) Affected: 5.2(8h) Affected: 6.0(4c) Affected: 5.3(2a) Affected: 5.2(8i) Affected: 6.0(5h) Affected: 5.3(2b) Affected: 6.0(3g) Affected: 6.0(5j) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T17:54:46.155615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T17:54:51.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Application Policy Infrastructure Controller (APIC)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2(8d)"
},
{
"status": "affected",
"version": "2.2(1o)"
},
{
"status": "affected",
"version": "1.2(2h)"
},
{
"status": "affected",
"version": "2.2(2i)"
},
{
"status": "affected",
"version": "1.2(1k)"
},
{
"status": "affected",
"version": "2.2(1k)"
},
{
"status": "affected",
"version": "3.1(2m)"
},
{
"status": "affected",
"version": "3.2(1m)"
},
{
"status": "affected",
"version": "3.2(5e)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "3.2(41d)"
},
{
"status": "affected",
"version": "1.1(1o)"
},
{
"status": "affected",
"version": "1.2(1m)"
},
{
"status": "affected",
"version": "1.2(2j)"
},
{
"status": "affected",
"version": "2.2(4r)"
},
{
"status": "affected",
"version": "2.2(3j)"
},
{
"status": "affected",
"version": "1.1(3f)"
},
{
"status": "affected",
"version": "2.2(2f)"
},
{
"status": "affected",
"version": "1.1(4m)"
},
{
"status": "affected",
"version": "2.2(2k)"
},
{
"status": "affected",
"version": "2.1(1i)"
},
{
"status": "affected",
"version": "2.0(1p)"
},
{
"status": "affected",
"version": "3.1(2p)"
},
{
"status": "affected",
"version": "3.2(3s)"
},
{
"status": "affected",
"version": "4.0(3c)"
},
{
"status": "affected",
"version": "1.1(4e)"
},
{
"status": "affected",
"version": "4.1(1k)"
},
{
"status": "affected",
"version": "2.2(4f)"
},
{
"status": "affected",
"version": "2.1(3h)"
},
{
"status": "affected",
"version": "3.2(4d)"
},
{
"status": "affected",
"version": "2.0(1n)"
},
{
"status": "affected",
"version": "2.0(1m)"
},
{
"status": "affected",
"version": "2.0(1r)"
},
{
"status": "affected",
"version": "2.1(2e)"
},
{
"status": "affected",
"version": "4.2(2e)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "2.0(1l)"
},
{
"status": "affected",
"version": "2.2(2e)"
},
{
"status": "affected",
"version": "2.2(3r)"
},
{
"status": "affected",
"version": "3.0(2k)"
},
{
"status": "affected",
"version": "2.1(3g)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "2.0(1o)"
},
{
"status": "affected",
"version": "2.2(3p)"
},
{
"status": "affected",
"version": "1.2(3e)"
},
{
"status": "affected",
"version": "2.2(3s)"
},
{
"status": "affected",
"version": "2.0(2g)"
},
{
"status": "affected",
"version": "4.1(1l)"
},
{
"status": "affected",
"version": "3.2(9f)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "1.2(3c)"
},
{
"status": "affected",
"version": "3.2(7k)"
},
{
"status": "affected",
"version": "1.3(2h)"
},
{
"status": "affected",
"version": "3.2(9b)"
},
{
"status": "affected",
"version": "1.3(2k)"
},
{
"status": "affected",
"version": "3.1(2t)"
},
{
"status": "affected",
"version": "1.1(2h)"
},
{
"status": "affected",
"version": "3.2(3j)"
},
{
"status": "affected",
"version": "2.1(2k)"
},
{
"status": "affected",
"version": "2.3(1f)"
},
{
"status": "affected",
"version": "1.2(3h)"
},
{
"status": "affected",
"version": "3.0(1i)"
},
{
"status": "affected",
"version": "4.1(2u)"
},
{
"status": "affected",
"version": "4.2(1l)"
},
{
"status": "affected",
"version": "4.1(1a)"
},
{
"status": "affected",
"version": "4.0(3d)"
},
{
"status": "affected",
"version": "1.1(4l)"
},
{
"status": "affected",
"version": "2.3(1i)"
},
{
"status": "affected",
"version": "3.1(2q)"
},
{
"status": "affected",
"version": "3.2(4e)"
},
{
"status": "affected",
"version": "4.1(1i)"
},
{
"status": "affected",
"version": "3.1(1i)"
},
{
"status": "affected",
"version": "2.0(2m)"
},
{
"status": "affected",
"version": "3.0(2h)"
},
{
"status": "affected",
"version": "2.2(2q)"
},
{
"status": "affected",
"version": "2.3(1l)"
},
{
"status": "affected",
"version": "1.3(1h)"
},
{
"status": "affected",
"version": "3.0(2n)"
},
{
"status": "affected",
"version": "3.2(5f)"
},
{
"status": "affected",
"version": "1.2(1h)"
},
{
"status": "affected",
"version": "3.2(1l)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.1(2o)"
},
{
"status": "affected",
"version": "1.2(1i)"
},
{
"status": "affected",
"version": "1.3(1j)"
},
{
"status": "affected",
"version": "2.1(1h)"
},
{
"status": "affected",
"version": "2.0(2l)"
},
{
"status": "affected",
"version": "2.0(2h)"
},
{
"status": "affected",
"version": "1.2(2g)"
},
{
"status": "affected",
"version": "3.0(1k)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "2.1(2g)"
},
{
"status": "affected",
"version": "2.0(1q)"
},
{
"status": "affected",
"version": "1.1(1j)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "1.1(1r)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "3.2(6i)"
},
{
"status": "affected",
"version": "1.3(1g)"
},
{
"status": "affected",
"version": "1.3(2j)"
},
{
"status": "affected",
"version": "1.3(2i)"
},
{
"status": "affected",
"version": "2.0(2o)"
},
{
"status": "affected",
"version": "2.2(4q)"
},
{
"status": "affected",
"version": "2.3(1o)"
},
{
"status": "affected",
"version": "3.2(3i)"
},
{
"status": "affected",
"version": "2.2(2j)"
},
{
"status": "affected",
"version": "1.1(1d)"
},
{
"status": "affected",
"version": "2.0(2n)"
},
{
"status": "affected",
"version": "2.2(3t)"
},
{
"status": "affected",
"version": "3.2(3n)"
},
{
"status": "affected",
"version": "1.1(4g)"
},
{
"status": "affected",
"version": "4.1(2x)"
},
{
"status": "affected",
"version": "3.2(5d)"
},
{
"status": "affected",
"version": "3.1(2o)"
},
{
"status": "affected",
"version": "1.2(2i)"
},
{
"status": "affected",
"version": "2.1(2f)"
},
{
"status": "affected",
"version": "1.3(2f)"
},
{
"status": "affected",
"version": "4.2(3q)"
},
{
"status": "affected",
"version": "4.1(1j)"
},
{
"status": "affected",
"version": "2.0(2f)"
},
{
"status": "affected",
"version": "2.3(1e)"
},
{
"status": "affected",
"version": "1.1(1s)"
},
{
"status": "affected",
"version": "3.1(2v)"
},
{
"status": "affected",
"version": "4.1(2w)"
},
{
"status": "affected",
"version": "1.1(4i)"
},
{
"status": "affected",
"version": "3.1(2u)"
},
{
"status": "affected",
"version": "1.1(4f)"
},
{
"status": "affected",
"version": "3.0(2m)"
},
{
"status": "affected",
"version": "2.0(1k)"
},
{
"status": "affected",
"version": "3.2(2o)"
},
{
"status": "affected",
"version": "3.2(3r)"
},
{
"status": "affected",
"version": "1.1(2i)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "1.3(1i)"
},
{
"status": "affected",
"version": "4.1(2s)"
},
{
"status": "affected",
"version": "3.2(7f)"
},
{
"status": "affected",
"version": "1.2(3m)"
},
{
"status": "affected",
"version": "3.2(3o)"
},
{
"status": "affected",
"version": "3.1(2s)"
},
{
"status": "affected",
"version": "3.2(2l)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "2.3(1p)"
},
{
"status": "affected",
"version": "2.1(4a)"
},
{
"status": "affected",
"version": "1.1(1n)"
},
{
"status": "affected",
"version": "2.2(1n)"
},
{
"status": "affected",
"version": "2.2(4p)"
},
{
"status": "affected",
"version": "2.1(3j)"
},
{
"status": "affected",
"version": "4.2(4i)"
},
{
"status": "affected",
"version": "3.2(9h)"
},
{
"status": "affected",
"version": "5.0(1k)"
},
{
"status": "affected",
"version": "4.2(4k)"
},
{
"status": "affected",
"version": "5.0(1l)"
},
{
"status": "affected",
"version": "5.0(2e)"
},
{
"status": "affected",
"version": "4.2(4o)"
},
{
"status": "affected",
"version": "4.2(4p)"
},
{
"status": "affected",
"version": "5.0(2h)"
},
{
"status": "affected",
"version": "4.2(5k)"
},
{
"status": "affected",
"version": "4.2(5l)"
},
{
"status": "affected",
"version": "4.2(5n)"
},
{
"status": "affected",
"version": "5.1(1h)"
},
{
"status": "affected",
"version": "4.2(6d)"
},
{
"status": "affected",
"version": "5.1(2e)"
},
{
"status": "affected",
"version": "4.2(6g)"
},
{
"status": "affected",
"version": "4.2(6h)"
},
{
"status": "affected",
"version": "5.1(3e)"
},
{
"status": "affected",
"version": "3.2(10e)"
},
{
"status": "affected",
"version": "4.2(6l)"
},
{
"status": "affected",
"version": "4.2(7f)"
},
{
"status": "affected",
"version": "5.1(4c)"
},
{
"status": "affected",
"version": "4.2(6o)"
},
{
"status": "affected",
"version": "5.2(1g)"
},
{
"status": "affected",
"version": "5.2(2e)"
},
{
"status": "affected",
"version": "4.2(7l)"
},
{
"status": "affected",
"version": "3.2(10f)"
},
{
"status": "affected",
"version": "5.2(2f)"
},
{
"status": "affected",
"version": "5.2(2g)"
},
{
"status": "affected",
"version": "4.2(7q)"
},
{
"status": "affected",
"version": "5.2(2h)"
},
{
"status": "affected",
"version": "5.2(3f)"
},
{
"status": "affected",
"version": "5.2(3e)"
},
{
"status": "affected",
"version": "5.2(3g)"
},
{
"status": "affected",
"version": "4.2(7r)"
},
{
"status": "affected",
"version": "4.2(7s)"
},
{
"status": "affected",
"version": "5.2(4d)"
},
{
"status": "affected",
"version": "5.2(4e)"
},
{
"status": "affected",
"version": "4.2(7t)"
},
{
"status": "affected",
"version": "5.2(5d)"
},
{
"status": "affected",
"version": "3.2(10g)"
},
{
"status": "affected",
"version": "5.2(5c)"
},
{
"status": "affected",
"version": "6.0(1g)"
},
{
"status": "affected",
"version": "4.2(7u)"
},
{
"status": "affected",
"version": "5.2(5e)"
},
{
"status": "affected",
"version": "5.2(4f)"
},
{
"status": "affected",
"version": "5.2(6e)"
},
{
"status": "affected",
"version": "6.0(1j)"
},
{
"status": "affected",
"version": "5.2(6g)"
},
{
"status": "affected",
"version": "5.2(7f)"
},
{
"status": "affected",
"version": "4.2(7v)"
},
{
"status": "affected",
"version": "5.2(7g)"
},
{
"status": "affected",
"version": "6.0(2h)"
},
{
"status": "affected",
"version": "4.2(7w)"
},
{
"status": "affected",
"version": "5.2(6h)"
},
{
"status": "affected",
"version": "5.2(4h)"
},
{
"status": "affected",
"version": "5.2(8d)"
},
{
"status": "affected",
"version": "6.0(2j)"
},
{
"status": "affected",
"version": "5.2(8e)"
},
{
"status": "affected",
"version": "6.0(3d)"
},
{
"status": "affected",
"version": "6.0(3e)"
},
{
"status": "affected",
"version": "5.2(8f)"
},
{
"status": "affected",
"version": "5.2(8g)"
},
{
"status": "affected",
"version": "5.3(1d)"
},
{
"status": "affected",
"version": "5.2(8h)"
},
{
"status": "affected",
"version": "6.0(4c)"
},
{
"status": "affected",
"version": "5.3(2a)"
},
{
"status": "affected",
"version": "5.2(8i)"
},
{
"status": "affected",
"version": "6.0(5h)"
},
{
"status": "affected",
"version": "5.3(2b)"
},
{
"status": "affected",
"version": "6.0(3g)"
},
{
"status": "affected",
"version": "6.0(5j)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system.\u0026nbsp;This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that an attacker has no authorization to access."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T16:19:08.343Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-apic-cousmo-uBpBYGbq",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-cousmo-uBpBYGbq"
}
],
"source": {
"advisory": "cisco-sa-apic-cousmo-uBpBYGbq",
"defects": [
"CSCwe67288"
],
"discovery": "INTERNAL"
},
"title": "Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20279",
"datePublished": "2024-08-28T16:19:08.343Z",
"dateReserved": "2023-11-08T15:08:07.625Z",
"dateUpdated": "2024-08-28T17:54:51.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…