Cisco APIC Authenticated Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in the Command Line Interface (CLI) of Cisco Application Policy Infrastructure Controller (APIC). This vulnerability allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of the affected device. The issue stems from insufficient validation of arguments passed to specific CLI commands; an attacker could exploit it by supplying crafted input to one of those commands. Successful exploitation could lead to unauthorized command execution with root privileges.

Impact

Exploitation of this vulnerability could result in unauthorized execution of commands on the affected device's operating system with root privileges.

Remediation

Cisco has released software updates to address this vulnerability. For Cisco APIC versions 5.3 and earlier, users should migrate to a fixed release. For version 6.0, the first fixed release is 6.0(8e), and for version 6.1, it is 6.1(2f).
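To turn the fixed-release guidance above into a repeatable check, here is an added example (not a Cisco tool) that parses APIC version strings in the `major.minor(build letter)` form used in this entry and classifies each device in a constructed inventory. It assumes that trains not named in the text (for example 6.2) cannot be judged from this entry alone and are reported as unknown.

```python
import re
from typing import Dict, Tuple

# First fixed releases exactly as stated in the remediation text.
FIRST_FIXED = {
    (6, 0): "6.0(8e)",
    (6, 1): "6.1(2f)",
}
# Trains 5.3 and earlier have no fixed release: migrate to a fixed train.
MIGRATE_AT_OR_BELOW = (5, 3)

# APIC versions look like "6.0(8e)"; the trailing letter is optional.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)$")


def parse_version(text: str) -> Tuple[int, int, int, str]:
    """Parse '6.0(8e)' into (6, 0, 8, 'e') so tuples compare in release order."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised APIC version string: {text!r}")
    major, minor, build, letter = m.groups()
    return (int(major), int(minor), int(build), letter)


def assess(version: str) -> str:
    """Return 'migrate', 'vulnerable', 'fixed' or 'unknown' for one version."""
    v = parse_version(version)
    train = (v[0], v[1])
    if train <= MIGRATE_AT_OR_BELOW:
        return "migrate"
    fixed = FIRST_FIXED.get(train)
    if fixed is None:
        return "unknown"  # assumption: train not covered by this entry
    return "fixed" if v >= parse_version(fixed) else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each controller name to its status; bad strings become 'unparsable'."""
    result = {}
    for name, version in inventory.items():
        try:
            result[name] = assess(version)
        except ValueError:
            result[name] = "unparsable"
    return result


# Constructed sample inventory, not real device data.
SAMPLE_INVENTORY = {
    "apic-dc1": "6.0(8e)",
    "apic-dc2": "6.0(7f)",
    "apic-lab": "5.2(7f)",
    "apic-new": "6.2(1a)",
}
```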

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 10.0
exploitability: 3.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.