Cisco APIC Vulnerability Could Lead to Arbitrary Code Injection
CVE-2024-20478

7.2 HIGH

Key Information:

Vendor: Cisco

CVE Published: 28 August 2024

Badges

👾 Exploit Exists

What is CVE-2024-20478?

A vulnerability in Cisco's Application Policy Infrastructure Controller (APIC) and Cloud Network Controller arises from inadequate validation of software image signatures. An authenticated remote attacker with Administrator-level access can exploit this flaw to install a tampered software image. This could lead to arbitrary code execution on the affected systems, allowing attackers to gain root privileges. To mitigate this risk, it is crucial for administrators to rigorously verify the integrity of upgrade images before deployment.

Affected Version(s)

Cisco Application Policy Infrastructure Controller (APIC) 3.2(8d)

Cisco Application Policy Infrastructure Controller (APIC) 2.2(1o)

Cisco Application Policy Infrastructure Controller (APIC) 1.2(2h)

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published