Cisco APIC Restricted Domain Access Control Vulnerability (CVE-2024-20279)
CVE-2024-20279 Published on August 28, 2024
Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of default system policies, such as quality of service (QoS) policies, on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete child policies created under default system policies, which are implicitly used by all tenants in the fabric, resulting in disruption of network traffic. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.
Vulnerability Analysis
CVE-2024-20279 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2024-20279 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2024-20279
Want to know whenever a new CVE is published for Cisco Application Policy Infrastructure Controller? stack.watch will email you.
Affected Versions
Cisco Application Policy Infrastructure Controller (APIC):- Version 3.2(8d) is affected.
- Version 2.2(1o) is affected.
- Version 1.2(2h) is affected.
- Version 2.2(2i) is affected.
- Version 1.2(1k) is affected.
- Version 2.2(1k) is affected.
- Version 3.1(2m) is affected.
- Version 3.2(1m) is affected.
- Version 3.2(5e) is affected.
- Version 4.1(2m) is affected.
- Version 3.2(41d) is affected.
- Version 1.1(1o) is affected.
- Version 1.2(1m) is affected.
- Version 1.2(2j) is affected.
- Version 2.2(4r) is affected.
- Version 2.2(3j) is affected.
- Version 1.1(3f) is affected.
- Version 2.2(2f) is affected.
- Version 1.1(4m) is affected.
- Version 2.2(2k) is affected.
- Version 2.1(1i) is affected.
- Version 2.0(1p) is affected.
- Version 3.1(2p) is affected.
- Version 3.2(3s) is affected.
- Version 4.0(3c) is affected.
- Version 1.1(4e) is affected.
- Version 4.1(1k) is affected.
- Version 2.2(4f) is affected.
- Version 2.1(3h) is affected.
- Version 3.2(4d) is affected.
- Version 2.0(1n) is affected.
- Version 2.0(1m) is affected.
- Version 2.0(1r) is affected.
- Version 2.1(2e) is affected.
- Version 4.2(2e) is affected.
- Version 4.2(3j) is affected.
- Version 4.2(3n) is affected.
- Version 2.0(1l) is affected.
- Version 2.2(2e) is affected.
- Version 2.2(3r) is affected.
- Version 3.0(2k) is affected.
- Version 2.1(3g) is affected.
- Version 4.0(1h) is affected.
- Version 2.0(1o) is affected.
- Version 2.2(3p) is affected.
- Version 1.2(3e) is affected.
- Version 2.2(3s) is affected.
- Version 2.0(2g) is affected.
- Version 4.1(1l) is affected.
- Version 3.2(9f) is affected.
- Version 4.2(3l) is affected.
- Version 4.2(2g) is affected.
- Version 1.2(3c) is affected.
- Version 3.2(7k) is affected.
- Version 1.3(2h) is affected.
- Version 3.2(9b) is affected.
- Version 1.3(2k) is affected.
- Version 3.1(2t) is affected.
- Version 1.1(2h) is affected.
- Version 3.2(3j) is affected.
- Version 2.1(2k) is affected.
- Version 2.3(1f) is affected.
- Version 1.2(3h) is affected.
- Version 3.0(1i) is affected.
- Version 4.1(2u) is affected.
- Version 4.2(1l) is affected.
- Version 4.1(1a) is affected.
- Version 4.0(3d) is affected.
- Version 1.1(4l) is affected.
- Version 2.3(1i) is affected.
- Version 3.1(2q) is affected.
- Version 3.2(4e) is affected.
- Version 4.1(1i) is affected.
- Version 3.1(1i) is affected.
- Version 2.0(2m) is affected.
- Version 3.0(2h) is affected.
- Version 2.2(2q) is affected.
- Version 2.3(1l) is affected.
- Version 1.3(1h) is affected.
- Version 3.0(2n) is affected.
- Version 3.2(5f) is affected.
- Version 1.2(1h) is affected.
- Version 3.2(1l) is affected.
- Version 4.2(1i) is affected.
- Version 4.1(2o) is affected.
- Version 1.2(1i) is affected.
- Version 1.3(1j) is affected.
- Version 2.1(1h) is affected.
- Version 2.0(2l) is affected.
- Version 2.0(2h) is affected.
- Version 1.2(2g) is affected.
- Version 3.0(1k) is affected.
- Version 4.2(1g) is affected.
- Version 2.1(2g) is affected.
- Version 2.0(1q) is affected.
- Version 1.1(1j) is affected.
- Version 4.1(2g) is affected.
- Version 1.1(1r) is affected.
- Version 4.2(2f) is affected.
- Version 3.2(6i) is affected.
- Version 1.3(1g) is affected.
- Version 1.3(2j) is affected.
- Version 1.3(2i) is affected.
- Version 2.0(2o) is affected.
- Version 2.2(4q) is affected.
- Version 2.3(1o) is affected.
- Version 3.2(3i) is affected.
- Version 2.2(2j) is affected.
- Version 1.1(1d) is affected.
- Version 2.0(2n) is affected.
- Version 2.2(3t) is affected.
- Version 3.2(3n) is affected.
- Version 1.1(4g) is affected.
- Version 4.1(2x) is affected.
- Version 3.2(5d) is affected.
- Version 3.1(2o) is affected.
- Version 1.2(2i) is affected.
- Version 2.1(2f) is affected.
- Version 1.3(2f) is affected.
- Version 4.2(3q) is affected.
- Version 4.1(1j) is affected.
- Version 2.0(2f) is affected.
- Version 2.3(1e) is affected.
- Version 1.1(1s) is affected.
- Version 3.1(2v) is affected.
- Version 4.1(2w) is affected.
- Version 1.1(4i) is affected.
- Version 3.1(2u) is affected.
- Version 1.1(4f) is affected.
- Version 3.0(2m) is affected.
- Version 2.0(1k) is affected.
- Version 3.2(2o) is affected.
- Version 3.2(3r) is affected.
- Version 1.1(2i) is affected.
- Version 4.0(2c) is affected.
- Version 1.3(1i) is affected.
- Version 4.1(2s) is affected.
- Version 3.2(7f) is affected.
- Version 1.2(3m) is affected.
- Version 3.2(3o) is affected.
- Version 3.1(2s) is affected.
- Version 3.2(2l) is affected.
- Version 4.2(1j) is affected.
- Version 2.3(1p) is affected.
- Version 2.1(4a) is affected.
- Version 1.1(1n) is affected.
- Version 2.2(1n) is affected.
- Version 2.2(4p) is affected.
- Version 2.1(3j) is affected.
- Version 4.2(4i) is affected.
- Version 3.2(9h) is affected.
- Version 5.0(1k) is affected.
- Version 4.2(4k) is affected.
- Version 5.0(1l) is affected.
- Version 5.0(2e) is affected.
- Version 4.2(4o) is affected.
- Version 4.2(4p) is affected.
- Version 5.0(2h) is affected.
- Version 4.2(5k) is affected.
- Version 4.2(5l) is affected.
- Version 4.2(5n) is affected.
- Version 5.1(1h) is affected.
- Version 4.2(6d) is affected.
- Version 5.1(2e) is affected.
- Version 4.2(6g) is affected.
- Version 4.2(6h) is affected.
- Version 5.1(3e) is affected.
- Version 3.2(10e) is affected.
- Version 4.2(6l) is affected.
- Version 4.2(7f) is affected.
- Version 5.1(4c) is affected.
- Version 4.2(6o) is affected.
- Version 5.2(1g) is affected.
- Version 5.2(2e) is affected.
- Version 4.2(7l) is affected.
- Version 3.2(10f) is affected.
- Version 5.2(2f) is affected.
- Version 5.2(2g) is affected.
- Version 4.2(7q) is affected.
- Version 5.2(2h) is affected.
- Version 5.2(3f) is affected.
- Version 5.2(3e) is affected.
- Version 5.2(3g) is affected.
- Version 4.2(7r) is affected.
- Version 4.2(7s) is affected.
- Version 5.2(4d) is affected.
- Version 5.2(4e) is affected.
- Version 4.2(7t) is affected.
- Version 5.2(5d) is affected.
- Version 3.2(10g) is affected.
- Version 5.2(5c) is affected.
- Version 6.0(1g) is affected.
- Version 4.2(7u) is affected.
- Version 5.2(5e) is affected.
- Version 5.2(4f) is affected.
- Version 5.2(6e) is affected.
- Version 6.0(1j) is affected.
- Version 5.2(6g) is affected.
- Version 5.2(7f) is affected.
- Version 4.2(7v) is affected.
- Version 5.2(7g) is affected.
- Version 6.0(2h) is affected.
- Version 4.2(7w) is affected.
- Version 5.2(6h) is affected.
- Version 5.2(4h) is affected.
- Version 5.2(8d) is affected.
- Version 6.0(2j) is affected.
- Version 5.2(8e) is affected.
- Version 6.0(3d) is affected.
- Version 6.0(3e) is affected.
- Version 5.2(8f) is affected.
- Version 5.2(8g) is affected.
- Version 5.3(1d) is affected.
- Version 5.2(8h) is affected.
- Version 6.0(4c) is affected.
- Version 5.3(2a) is affected.
- Version 5.2(8i) is affected.
- Version 6.0(5h) is affected.
- Version 5.3(2b) is affected.
- Version 6.0(3g) is affected.
- Version 6.0(5j) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.