Preview Tool

Cisco Bug: CSCvt64544 - Cloud APIC csync2 service does not use transport layer security

Last Modified

May 14, 2020

Products (1)

  • Cisco Application Policy Infrastructure Controller (APIC)

Known Affected Releases


Description (partial)

A vulnerability in the csync2 service of Cisco Cloud APIC Software could allow an unauthenticated, remote attacker with a privileged network position to monitor communications.

The vulnerability is due to improper transport layer security protections on the csync2 service. An attacker with a privileged network position could exploit this vulnerability to monitor communications between devices using csync2, possibly allowing the attacker to gain access to sensitive information.

Software running in default configuration
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.