Cisco APIC Vulnerability Could Lead to Arbitrary Code Injection
CVE-2024-20478
What is CVE-2024-20478?
A vulnerability in Cisco's Application Policy Infrastructure Controller (APIC) and Cloud Network Controller arises from inadequate validation of software image signatures. An authenticated remote attacker with Administrator-level access can exploit this flaw to install a tampered software image. This could lead to arbitrary code execution on the affected systems, allowing attackers to gain root privileges. To mitigate this risk, it is crucial for administrators to rigorously verify the integrity of upgrade images before deployment.

Affected Version(s)
Cisco Application Policy Infrastructure Controller (APIC) 3.2(8d)
Cisco Application Policy Infrastructure Controller (APIC) 2.2(1o)
Cisco Application Policy Infrastructure Controller (APIC) 1.2(2h)
References
CVSS V3.1
Timeline
Exploit known to exist
Vulnerability published