Cisco Bug: CSCvs12541 - Cisco Application Services Engine Software Unauthenticated Event Policies Update Vulnerabi

Last Modified

Jun 04, 2020

Products (1)

  • Cisco Application Policy Infrastructure Controller (APIC)

Known Affected Releases

1.1(0c)

Description (partial)

Symptom:
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device.

The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could exploit this vulnerability by crafting a malicious HTTP request to contact an affected device. A successful exploit could allow the attacker to update event policies on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-APIC-EPU-F8y5kUOP

Conditions:
At the time of publication, this vulnerability affected Cisco Application Services Engine Software releases earlier than Release 1.1.2.20.

See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.


At the time of publication, Cisco Application Services Engine Software releases 1.1.2.20 and later contained the fix for this vulnerability.
