Cisco Application Policy Infrastructure Controller IPv6 Link-Local Address Vulnerability
CVE-2019-1690

4.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Application Policy Infrastructure Controller (apic)
Vendor: CVE Published:; 11 March 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device. The vulnerability is due to a lack of proper access control mechanisms for IPv6 link-local connectivity imposed on the management interface of an affected device. An attacker on the same physical network could exploit this vulnerability by attempting to connect to the IPv6 link-local address on the affected device. A successful exploit could allow the attacker to bypass default access control restrictions on an affected device. Cisco Application Policy Infrastructure Controller (APIC) devices running versions prior to 4.2(0.21c) are affected.

Affected Version(s)

Cisco Application Policy Infrastructure Controller (APIC) < 4.2(0.21c)

References

http://www.securityfocus.com/bid/107317

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Mar 11, 2019
Vulnerability Reserved
Dec 6, 2018