Cisco APIC & Cloud NC: Authenticated RCE via Unverified Images
CVE-2024-20478 Published on August 28, 2024
Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability
A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system.
This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root.
Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller.
Vulnerability Analysis
CVE-2024-20478 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
NONE
Weakness Type
Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Products Associated with CVE-2024-20478
Want to know whenever a new CVE is published for Cisco Application Policy Infrastructure Controller? stack.watch will email you.
Affected Versions
Cisco Application Policy Infrastructure Controller (APIC):- Version 3.2(8d) is affected.
- Version 2.2(1o) is affected.
- Version 1.2(2h) is affected.
- Version 2.2(2i) is affected.
- Version 1.2(1k) is affected.
- Version 2.2(1k) is affected.
- Version 3.1(2m) is affected.
- Version 3.2(1m) is affected.
- Version 3.2(5e) is affected.
- Version 4.1(2m) is affected.
- Version 3.2(41d) is affected.
- Version 1.1(1o) is affected.
- Version 1.2(1m) is affected.
- Version 1.2(2j) is affected.
- Version 2.2(4r) is affected.
- Version 2.2(3j) is affected.
- Version 1.1(3f) is affected.
- Version 2.2(2f) is affected.
- Version 1.1(4m) is affected.
- Version 2.2(2k) is affected.
- Version 2.1(1i) is affected.
- Version 2.0(1p) is affected.
- Version 3.1(2p) is affected.
- Version 3.2(3s) is affected.
- Version 4.0(3c) is affected.
- Version 1.1(4e) is affected.
- Version 4.1(1k) is affected.
- Version 2.2(4f) is affected.
- Version 2.1(3h) is affected.
- Version 3.2(4d) is affected.
- Version 2.0(1n) is affected.
- Version 2.0(1m) is affected.
- Version 2.0(1r) is affected.
- Version 2.1(2e) is affected.
- Version 4.2(2e) is affected.
- Version 4.2(3j) is affected.
- Version 4.2(3n) is affected.
- Version 2.0(1l) is affected.
- Version 2.2(2e) is affected.
- Version 2.2(3r) is affected.
- Version 3.0(2k) is affected.
- Version 2.1(3g) is affected.
- Version 4.0(1h) is affected.
- Version 2.0(1o) is affected.
- Version 2.2(3p) is affected.
- Version 1.2(3e) is affected.
- Version 2.2(3s) is affected.
- Version 2.0(2g) is affected.
- Version 4.1(1l) is affected.
- Version 3.2(9f) is affected.
- Version 4.2(3l) is affected.
- Version 4.2(2g) is affected.
- Version 1.2(3c) is affected.
- Version 3.2(7k) is affected.
- Version 1.3(2h) is affected.
- Version 3.2(9b) is affected.
- Version 1.3(2k) is affected.
- Version 3.1(2t) is affected.
- Version 1.1(2h) is affected.
- Version 3.2(3j) is affected.
- Version 2.1(2k) is affected.
- Version 2.3(1f) is affected.
- Version 1.2(3h) is affected.
- Version 3.0(1i) is affected.
- Version 4.1(2u) is affected.
- Version 4.2(1l) is affected.
- Version 4.1(1a) is affected.
- Version 4.0(3d) is affected.
- Version 1.1(4l) is affected.
- Version 2.3(1i) is affected.
- Version 3.1(2q) is affected.
- Version 3.2(4e) is affected.
- Version 4.1(1i) is affected.
- Version 3.1(1i) is affected.
- Version 2.0(2m) is affected.
- Version 3.0(2h) is affected.
- Version 2.2(2q) is affected.
- Version 2.3(1l) is affected.
- Version 1.3(1h) is affected.
- Version 3.0(2n) is affected.
- Version 3.2(5f) is affected.
- Version 1.2(1h) is affected.
- Version 3.2(1l) is affected.
- Version 4.2(1i) is affected.
- Version 4.1(2o) is affected.
- Version 1.2(1i) is affected.
- Version 1.3(1j) is affected.
- Version 2.1(1h) is affected.
- Version 2.0(2l) is affected.
- Version 2.0(2h) is affected.
- Version 1.2(2g) is affected.
- Version 3.0(1k) is affected.
- Version 4.2(1g) is affected.
- Version 2.1(2g) is affected.
- Version 2.0(1q) is affected.
- Version 1.1(1j) is affected.
- Version 4.1(2g) is affected.
- Version 1.1(1r) is affected.
- Version 4.2(2f) is affected.
- Version 3.2(6i) is affected.
- Version 1.3(1g) is affected.
- Version 1.3(2j) is affected.
- Version 1.3(2i) is affected.
- Version 2.0(2o) is affected.
- Version 2.2(4q) is affected.
- Version 2.3(1o) is affected.
- Version 3.2(3i) is affected.
- Version 2.2(2j) is affected.
- Version 1.1(1d) is affected.
- Version 2.0(2n) is affected.
- Version 2.2(3t) is affected.
- Version 3.2(3n) is affected.
- Version 1.1(4g) is affected.
- Version 4.1(2x) is affected.
- Version 3.2(5d) is affected.
- Version 3.1(2o) is affected.
- Version 1.2(2i) is affected.
- Version 2.1(2f) is affected.
- Version 1.3(2f) is affected.
- Version 4.2(3q) is affected.
- Version 4.1(1j) is affected.
- Version 2.0(2f) is affected.
- Version 2.3(1e) is affected.
- Version 1.1(1s) is affected.
- Version 3.1(2v) is affected.
- Version 4.1(2w) is affected.
- Version 1.1(4i) is affected.
- Version 3.1(2u) is affected.
- Version 1.1(4f) is affected.
- Version 3.0(2m) is affected.
- Version 2.0(1k) is affected.
- Version 3.2(2o) is affected.
- Version 3.2(3r) is affected.
- Version 1.1(2i) is affected.
- Version 4.0(2c) is affected.
- Version 1.3(1i) is affected.
- Version 4.1(2s) is affected.
- Version 3.2(7f) is affected.
- Version 1.2(3m) is affected.
- Version 3.2(3o) is affected.
- Version 3.1(2s) is affected.
- Version 3.2(2l) is affected.
- Version 4.2(1j) is affected.
- Version 2.3(1p) is affected.
- Version 2.1(4a) is affected.
- Version 1.1(1n) is affected.
- Version 2.2(1n) is affected.
- Version 2.2(4p) is affected.
- Version 2.1(3j) is affected.
- Version 4.2(4i) is affected.
- Version 3.2(9h) is affected.
- Version 5.0(1k) is affected.
- Version 4.2(4k) is affected.
- Version 5.0(1l) is affected.
- Version 5.0(2e) is affected.
- Version 4.2(4o) is affected.
- Version 4.2(4p) is affected.
- Version 5.0(2h) is affected.
- Version 4.2(5k) is affected.
- Version 4.2(5l) is affected.
- Version 4.2(5n) is affected.
- Version 5.1(1h) is affected.
- Version 4.2(6d) is affected.
- Version 5.1(2e) is affected.
- Version 4.2(6g) is affected.
- Version 4.2(6h) is affected.
- Version 5.1(3e) is affected.
- Version 3.2(10e) is affected.
- Version 4.2(6l) is affected.
- Version 4.2(7f) is affected.
- Version 5.1(4c) is affected.
- Version 4.2(6o) is affected.
- Version 5.2(1g) is affected.
- Version 5.2(2e) is affected.
- Version 4.2(7l) is affected.
- Version 3.2(10f) is affected.
- Version 5.2(2f) is affected.
- Version 5.2(2g) is affected.
- Version 4.2(7q) is affected.
- Version 5.2(2h) is affected.
- Version 5.2(3f) is affected.
- Version 5.2(3e) is affected.
- Version 5.2(3g) is affected.
- Version 4.2(7r) is affected.
- Version 4.2(7s) is affected.
- Version 5.2(4d) is affected.
- Version 5.2(4e) is affected.
- Version 4.2(7t) is affected.
- Version 5.2(5d) is affected.
- Version 3.2(10g) is affected.
- Version 5.2(5c) is affected.
- Version 6.0(1g) is affected.
- Version 4.2(7u) is affected.
- Version 5.2(5e) is affected.
- Version 5.2(4f) is affected.
- Version 5.2(6e) is affected.
- Version 6.0(1j) is affected.
- Version 5.2(6g) is affected.
- Version 5.2(7f) is affected.
- Version 4.2(7v) is affected.
- Version 5.2(7g) is affected.
- Version 6.0(2h) is affected.
- Version 4.2(7w) is affected.
- Version 5.2(6h) is affected.
- Version 5.2(4h) is affected.
- Version 5.2(8d) is affected.
- Version 6.0(2j) is affected.
- Version 5.2(8e) is affected.
- Version 6.0(3d) is affected.
- Version 6.0(3e) is affected.
- Version 5.2(8f) is affected.
- Version 5.2(8g) is affected.
- Version 5.3(1d) is affected.
- Version 5.2(8h) is affected.
- Version 6.0(4c) is affected.
- Version 5.3(2a) is affected.
- Version 5.2(8i) is affected.
- Version 6.0(5h) is affected.
- Version 5.3(2b) is affected.
- Version 6.0(3g) is affected.
- Version 6.0(5j) is affected.
- Version 5.3(2c) is affected.
- Version 3.2\(8d\) is affected.
- Version 2.2\(1o\) is affected.
- Version 1.2\(2h\) is affected.
- Version 2.2\(2i\) is affected.
- Version 1.2\(1k\) is affected.
- Version 2.2\(1k\) is affected.
- Version 3.1\(2m\) is affected.
- Version 3.2\(1m\) is affected.
- Version 3.2\(5e\) is affected.
- Version 4.1\(2m\) is affected.
- Version 3.2\(41d\) is affected.
- Version 1.1\(1o\) is affected.
- Version 1.2\(1m\) is affected.
- Version 1.2\(2j\) is affected.
- Version 2.2\(4r\) is affected.
- Version 2.2\(3j\) is affected.
- Version 1.1\(3f\) is affected.
- Version 2.2\(2f\) is affected.
- Version 1.1\(4m\) is affected.
- Version 2.2\(2k\) is affected.
- Version 2.1\(1i\) is affected.
- Version 2.0\(1p\) is affected.
- Version 3.1\(2p\) is affected.
- Version 3.2\(3s\) is affected.
- Version 4.0\(3c\) is affected.
- Version 1.1\(4e\) is affected.
- Version 4.1\(1k\) is affected.
- Version 2.2\(4f\) is affected.
- Version 2.1\(3h\) is affected.
- Version 3.2\(4d\) is affected.
- Version 2.0\(1n\) is affected.
- Version 2.0\(1m\) is affected.
- Version 2.0\(1r\) is affected.
- Version 2.1\(2e\) is affected.
- Version 4.2\(2e\) is affected.
- Version 4.2\(3j\) is affected.
- Version 4.2\(3n\) is affected.
- Version 2.0\(1l\) is affected.
- Version 2.2\(2e\) is affected.
- Version 2.2\(3r\) is affected.
- Version 3.0\(2k\) is affected.
- Version 2.1\(3g\) is affected.
- Version 4.0\(1h\) is affected.
- Version 2.0\(1o\) is affected.
- Version 2.2\(3p\) is affected.
- Version 1.2\(3e\) is affected.
- Version 2.2\(3s\) is affected.
- Version 2.0\(2g\) is affected.
- Version 4.1\(1l\) is affected.
- Version 3.2\(9f\) is affected.
- Version 4.2\(3l\) is affected.
- Version 4.2\(2g\) is affected.
- Version 1.2\(3c\) is affected.
- Version 3.2\(7k\) is affected.
- Version 1.3\(2h\) is affected.
- Version 3.2\(9b\) is affected.
- Version 1.3\(2k\) is affected.
- Version 3.1\(2t\) is affected.
- Version 1.1\(2h\) is affected.
- Version 3.2\(3j\) is affected.
- Version 2.1\(2k\) is affected.
- Version 2.3\(1f\) is affected.
- Version 1.2\(3h\) is affected.
- Version 3.0\(1i\) is affected.
- Version 4.1\(2u\) is affected.
- Version 4.2\(1l\) is affected.
- Version 4.1\(1a\) is affected.
- Version 4.0\(3d\) is affected.
- Version 1.1\(4l\) is affected.
- Version 2.3\(1i\) is affected.
- Version 3.1\(2q\) is affected.
- Version 3.2\(4e\) is affected.
- Version 4.1\(1i\) is affected.
- Version 3.1\(1i\) is affected.
- Version 2.0\(2m\) is affected.
- Version 3.0\(2h\) is affected.
- Version 2.2\(2q\) is affected.
- Version 2.3\(1l\) is affected.
- Version 1.3\(1h\) is affected.
- Version 3.0\(2n\) is affected.
- Version 3.2\(5f\) is affected.
- Version 1.2\(1h\) is affected.
- Version 3.2\(1l\) is affected.
- Version 4.2\(1i\) is affected.
- Version 4.1\(2o\) is affected.
- Version 1.2\(1i\) is affected.
- Version 1.3\(1j\) is affected.
- Version 2.1\(1h\) is affected.
- Version 2.0\(2l\) is affected.
- Version 2.0\(2h\) is affected.
- Version 1.2\(2g\) is affected.
- Version 3.0\(1k\) is affected.
- Version 4.2\(1g\) is affected.
- Version 2.1\(2g\) is affected.
- Version 2.0\(1q\) is affected.
- Version 1.1\(1j\) is affected.
- Version 4.1\(2g\) is affected.
- Version 1.1\(1r\) is affected.
- Version 4.2\(2f\) is affected.
- Version 3.2\(6i\) is affected.
- Version 1.3\(1g\) is affected.
- Version 1.3\(2j\) is affected.
- Version 1.3\(2i\) is affected.
- Version 2.0\(2o\) is affected.
- Version 2.2\(4q\) is affected.
- Version 2.3\(1o\) is affected.
- Version 3.2\(3i\) is affected.
- Version 2.2\(2j\) is affected.
- Version 1.1\(1d\) is affected.
- Version 2.0\(2n\) is affected.
- Version 2.2\(3t\) is affected.
- Version 3.2\(3n\) is affected.
- Version 1.1\(4g\) is affected.
- Version 4.1\(2x\) is affected.
- Version 3.2\(5d\) is affected.
- Version 3.1\(2o\) is affected.
- Version 1.2\(2i\) is affected.
- Version 2.1\(2f\) is affected.
- Version 1.3\(2f\) is affected.
- Version 4.2\(3q\) is affected.
- Version 4.1\(1j\) is affected.
- Version 2.0\(2f\) is affected.
- Version 2.3\(1e\) is affected.
- Version 1.1\(1s\) is affected.
- Version 3.1\(2v\) is affected.
- Version 4.1\(2w\) is affected.
- Version 1.1\(4i\) is affected.
- Version 3.1\(2u\) is affected.
- Version 1.1\(4f\) is affected.
- Version 3.0\(2m\) is affected.
- Version 2.0\(1k\) is affected.
- Version 3.2\(2o\) is affected.
- Version 3.2\(3r\) is affected.
- Version 1.1\(2i\) is affected.
- Version 4.0\(2c\) is affected.
- Version 1.3\(1i\) is affected.
- Version 4.1\(2s\) is affected.
- Version 3.2\(7f\) is affected.
- Version 1.2\(3m\) is affected.
- Version 3.2\(3o\) is affected.
- Version 3.1\(2s\) is affected.
- Version 3.2\(2l\) is affected.
- Version 4.2\(1j\) is affected.
- Version 2.3\(1p\) is affected.
- Version 2.1\(4a\) is affected.
- Version 1.1\(1n\) is affected.
- Version 2.2\(1n\) is affected.
- Version 2.2\(4p\) is affected.
- Version 2.1\(3j\) is affected.
- Version 4.2\(4i\) is affected.
- Version 3.2\(9h\) is affected.
- Version 5.0\(1k\) is affected.
- Version 4.2\(4k\) is affected.
- Version 5.0\(1l\) is affected.
- Version 5.0\(2e\) is affected.
- Version 4.2\(4o\) is affected.
- Version 4.2\(4p\) is affected.
- Version 5.0\(2h\) is affected.
- Version 4.2\(5k\) is affected.
- Version 4.2\(5l\) is affected.
- Version 4.2\(5n\) is affected.
- Version 5.1\(1h\) is affected.
- Version 4.2\(6d\) is affected.
- Version 5.1\(2e\) is affected.
- Version 4.2\(6g\) is affected.
- Version 4.2\(6h\) is affected.
- Version 5.1\(3e\) is affected.
- Version 3.2\(10e\) is affected.
- Version 4.2\(6l\) is affected.
- Version 4.2\(7f\) is affected.
- Version 5.1\(4c\) is affected.
- Version 4.2\(6o\) is affected.
- Version 5.2\(1g\) is affected.
- Version 5.2\(2e\) is affected.
- Version 4.2\(7l\) is affected.
- Version 3.2\(10f\) is affected.
- Version 5.2\(2f\) is affected.
- Version 5.2\(2g\) is affected.
- Version 4.2\(7q\) is affected.
- Version 5.2\(2h\) is affected.
- Version 5.2\(3f\) is affected.
- Version 5.2\(3e\) is affected.
- Version 5.2\(3g\) is affected.
- Version 4.2\(7r\) is affected.
- Version 4.2\(7s\) is affected.
- Version 5.2\(4d\) is affected.
- Version 5.2\(4e\) is affected.
- Version 4.2\(7t\) is affected.
- Version 5.2\(5d\) is affected.
- Version 3.2\(10g\) is affected.
- Version 5.2\(5c\) is affected.
- Version 6.0\(1g\) is affected.
- Version 4.2\(7u\) is affected.
- Version 5.2\(5e\) is affected.
- Version 5.2\(4f\) is affected.
- Version 5.2\(6e\) is affected.
- Version 6.0\(1j\) is affected.
- Version 5.2\(6g\) is affected.
- Version 5.2\(7f\) is affected.
- Version 4.2\(7v\) is affected.
- Version 5.2\(7g\) is affected.
- Version 6.0\(2h\) is affected.
- Version 4.2\(7w\) is affected.
- Version 5.2\(6h\) is affected.
- Version 5.2\(4h\) is affected.
- Version 5.2\(8d\) is affected.
- Version 6.0\(2j\) is affected.
- Version 5.2\(8e\) is affected.
- Version 6.0\(3d\) is affected.
- Version 6.0\(3e\) is affected.
- Version 5.2\(8f\) is affected.
- Version 5.2\(8g\) is affected.
- Version 5.3\(1d\) is affected.
- Version 5.2\(8h\) is affected.
- Version 6.0\(4c\) is affected.
- Version 5.3\(2a\) is affected.
- Version 5.2\(8i\) is affected.
- Version 6.0\(5h\) is affected.
- Version 5.3\(2b\) is affected.
- Version 6.0\(3g\) is affected.
- Version 6.0\(5j\) is affected.
- Version 5.3\(2c\) is affected.
Exploit Probability
EPSS
0.27%
Percentile
50.16%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.