A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Application_policy_infrastructure_controller | Cisco | * | 3.2(10f) (excluding) |
| Application_policy_infrastructure_controller | Cisco | 4.0 (including) | 4.2(7l) (excluding) |
| Application_policy_infrastructure_controller | Cisco | 5.0 (including) | 5.2(2f) (excluding) |
| Cloud_application_policy_infrastructure_controller | Cisco | * | 3.2(10f) (excluding) |
| Cloud_application_policy_infrastructure_controller | Cisco | 4.0 (including) | 4.2(7l) (excluding) |
| Cloud_application_policy_infrastructure_controller | Cisco | 5.0 (including) | 5.2(2f) (excluding) |