CVE-2024-20478

28.08.2024, 17:15

A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system.

This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root.
Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
cisco	CNA	6.5 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 28%

Vendor	Product	Version
cisco	application_policy_infrastructure_controller	1.1\(1d\)
cisco	application_policy_infrastructure_controller	1.1\(1j\)
cisco	application_policy_infrastructure_controller	1.1\(1n\)
cisco	application_policy_infrastructure_controller	1.1\(1o\)
cisco	application_policy_infrastructure_controller	1.1\(1r\)
cisco	application_policy_infrastructure_controller	1.1\(1s\)
cisco	application_policy_infrastructure_controller	1.1\(2h\)
cisco	application_policy_infrastructure_controller	1.1\(2i\)
cisco	application_policy_infrastructure_controller	1.1\(3f\)
cisco	application_policy_infrastructure_controller	1.1\(4e\)
cisco	application_policy_infrastructure_controller	1.1\(4f\)
cisco	application_policy_infrastructure_controller	1.1\(4g\)
cisco	application_policy_infrastructure_controller	1.1\(4i\)
cisco	application_policy_infrastructure_controller	1.1\(4l\)
cisco	application_policy_infrastructure_controller	1.1\(4m\)
cisco	application_policy_infrastructure_controller	1.2\(1h\)
cisco	application_policy_infrastructure_controller	1.2\(1i\)
cisco	application_policy_infrastructure_controller	1.2\(1k\)
cisco	application_policy_infrastructure_controller	1.2\(1m\)
cisco	application_policy_infrastructure_controller	1.2\(2g\)
cisco	application_policy_infrastructure_controller	1.2\(2h\)
cisco	application_policy_infrastructure_controller	1.2\(2i\)
cisco	application_policy_infrastructure_controller	1.2\(2j\)
cisco	application_policy_infrastructure_controller	1.2\(3c\)
cisco	application_policy_infrastructure_controller	1.2\(3e\)
cisco	application_policy_infrastructure_controller	1.2\(3h\)
cisco	application_policy_infrastructure_controller	1.2\(3m\)
cisco	application_policy_infrastructure_controller	1.3\(1g\)
cisco	application_policy_infrastructure_controller	1.3\(1h\)
cisco	application_policy_infrastructure_controller	1.3\(1i\)
cisco	application_policy_infrastructure_controller	1.3\(1j\)
cisco	application_policy_infrastructure_controller	1.3\(2f\)
cisco	application_policy_infrastructure_controller	1.3\(2h\)
cisco	application_policy_infrastructure_controller	1.3\(2i\)
cisco	application_policy_infrastructure_controller	1.3\(2j\)
cisco	application_policy_infrastructure_controller	1.3\(2k\)
cisco	application_policy_infrastructure_controller	2.0\(1k\)
cisco	application_policy_infrastructure_controller	2.0\(1l\)
cisco	application_policy_infrastructure_controller	2.0\(1m\)
cisco	application_policy_infrastructure_controller	2.0\(1n\)
cisco	application_policy_infrastructure_controller	2.0\(1o\)
cisco	application_policy_infrastructure_controller	2.0\(1p\)
cisco	application_policy_infrastructure_controller	2.0\(1q\)
cisco	application_policy_infrastructure_controller	2.0\(1r\)
cisco	application_policy_infrastructure_controller	2.0\(2f\)
cisco	application_policy_infrastructure_controller	2.0\(2g\)
cisco	application_policy_infrastructure_controller	2.0\(2h\)
cisco	application_policy_infrastructure_controller	2.0\(2l\)
cisco	application_policy_infrastructure_controller	2.0\(2m\)
cisco	application_policy_infrastructure_controller	2.0\(2n\)
cisco	application_policy_infrastructure_controller	2.0\(2o\)
cisco	application_policy_infrastructure_controller	2.1\(1h\)
cisco	application_policy_infrastructure_controller	2.1\(1i\)
cisco	application_policy_infrastructure_controller	2.1\(2e\)
cisco	application_policy_infrastructure_controller	2.1\(2f\)
cisco	application_policy_infrastructure_controller	2.1\(2g\)
cisco	application_policy_infrastructure_controller	2.1\(2k\)
cisco	application_policy_infrastructure_controller	2.1\(3g\)
cisco	application_policy_infrastructure_controller	2.1\(3h\)
cisco	application_policy_infrastructure_controller	2.1\(3j\)
cisco	application_policy_infrastructure_controller	2.1\(4a\)
cisco	application_policy_infrastructure_controller	2.2\(1k\)
cisco	application_policy_infrastructure_controller	2.2\(1n\)
cisco	application_policy_infrastructure_controller	2.2\(1o\)
cisco	application_policy_infrastructure_controller	2.2\(2e\)
cisco	application_policy_infrastructure_controller	2.2\(2f\)
cisco	application_policy_infrastructure_controller	2.2\(2i\)
cisco	application_policy_infrastructure_controller	2.2\(2j\)
cisco	application_policy_infrastructure_controller	2.2\(2k\)
cisco	application_policy_infrastructure_controller	2.2\(2q\)
cisco	application_policy_infrastructure_controller	2.2\(3j\)
cisco	application_policy_infrastructure_controller	2.2\(3p\)
cisco	application_policy_infrastructure_controller	2.2\(3r\)
cisco	application_policy_infrastructure_controller	2.2\(3s\)
cisco	application_policy_infrastructure_controller	2.2\(3t\)
cisco	application_policy_infrastructure_controller	2.2\(4f\)
cisco	application_policy_infrastructure_controller	2.2\(4p\)
cisco	application_policy_infrastructure_controller	2.2\(4q\)
cisco	application_policy_infrastructure_controller	2.2\(4r\)
cisco	application_policy_infrastructure_controller	2.3\(1e\)
cisco	application_policy_infrastructure_controller	2.3\(1f\)
cisco	application_policy_infrastructure_controller	2.3\(1i\)
cisco	application_policy_infrastructure_controller	2.3\(1l\)
cisco	application_policy_infrastructure_controller	2.3\(1o\)
cisco	application_policy_infrastructure_controller	2.3\(1p\)
cisco	application_policy_infrastructure_controller	3.0\(1i\)
cisco	application_policy_infrastructure_controller	3.0\(1k\)
cisco	application_policy_infrastructure_controller	3.0\(2h\)
cisco	application_policy_infrastructure_controller	3.0\(2k\)
cisco	application_policy_infrastructure_controller	3.0\(2m\)
cisco	application_policy_infrastructure_controller	3.0\(2n\)
cisco	application_policy_infrastructure_controller	3.1\(1i\)
cisco	application_policy_infrastructure_controller	3.1\(2m\)
cisco	application_policy_infrastructure_controller	3.1\(2o\)
cisco	application_policy_infrastructure_controller	3.1\(2p\)
cisco	application_policy_infrastructure_controller	3.1\(2q\)
cisco	application_policy_infrastructure_controller	3.1\(2s\)
cisco	application_policy_infrastructure_controller	3.1\(2t\)
cisco	application_policy_infrastructure_controller	3.1\(2u\)
cisco	application_policy_infrastructure_controller	3.1\(2v\)
cisco	application_policy_infrastructure_controller	3.2\(1l\)
cisco	application_policy_infrastructure_controller	3.2\(1m\)
cisco	application_policy_infrastructure_controller	3.2\(2l\)
cisco	application_policy_infrastructure_controller	3.2\(2o\)
cisco	application_policy_infrastructure_controller	3.2\(3i\)
cisco	application_policy_infrastructure_controller	3.2\(3j\)
cisco	application_policy_infrastructure_controller	3.2\(3n\)
cisco	application_policy_infrastructure_controller	3.2\(3o\)
cisco	application_policy_infrastructure_controller	3.2\(3r\)
cisco	application_policy_infrastructure_controller	3.2\(3s\)
cisco	application_policy_infrastructure_controller	3.2\(4d\)
cisco	application_policy_infrastructure_controller	3.2\(4e\)
cisco	application_policy_infrastructure_controller	3.2\(5d\)
cisco	application_policy_infrastructure_controller	3.2\(5e\)
cisco	application_policy_infrastructure_controller	3.2\(5f\)
cisco	application_policy_infrastructure_controller	3.2\(6i\)
cisco	application_policy_infrastructure_controller	3.2\(7f\)
cisco	application_policy_infrastructure_controller	3.2\(7k\)
cisco	application_policy_infrastructure_controller	3.2\(8d\)
cisco	application_policy_infrastructure_controller	3.2\(9b\)
cisco	application_policy_infrastructure_controller	3.2\(9f\)
cisco	application_policy_infrastructure_controller	3.2\(9h\)
cisco	application_policy_infrastructure_controller	3.2\(10e\)
cisco	application_policy_infrastructure_controller	3.2\(10f\)
cisco	application_policy_infrastructure_controller	3.2\(10g\)
cisco	application_policy_infrastructure_controller	3.2\(41d\)
cisco	application_policy_infrastructure_controller	4.0\(1h\)
cisco	application_policy_infrastructure_controller	4.0\(2c\)
cisco	application_policy_infrastructure_controller	4.0\(3c\)
cisco	application_policy_infrastructure_controller	4.0\(3d\)
cisco	application_policy_infrastructure_controller	4.1\(1a\)
cisco	application_policy_infrastructure_controller	4.1\(1i\)
cisco	application_policy_infrastructure_controller	4.1\(1j\)
cisco	application_policy_infrastructure_controller	4.1\(1k\)
cisco	application_policy_infrastructure_controller	4.1\(1l\)
cisco	application_policy_infrastructure_controller	4.1\(2g\)
cisco	application_policy_infrastructure_controller	4.1\(2m\)
cisco	application_policy_infrastructure_controller	4.1\(2o\)
cisco	application_policy_infrastructure_controller	4.1\(2s\)
cisco	application_policy_infrastructure_controller	4.1\(2u\)
cisco	application_policy_infrastructure_controller	4.1\(2w\)
cisco	application_policy_infrastructure_controller	4.1\(2x\)
cisco	application_policy_infrastructure_controller	4.2\(1g\)
cisco	application_policy_infrastructure_controller	4.2\(1i\)
cisco	application_policy_infrastructure_controller	4.2\(1j\)
cisco	application_policy_infrastructure_controller	4.2\(1l\)
cisco	application_policy_infrastructure_controller	4.2\(2e\)
cisco	application_policy_infrastructure_controller	4.2\(2f\)
cisco	application_policy_infrastructure_controller	4.2\(2g\)
cisco	application_policy_infrastructure_controller	4.2\(3j\)
cisco	application_policy_infrastructure_controller	4.2\(3l\)
cisco	application_policy_infrastructure_controller	4.2\(3n\)
cisco	application_policy_infrastructure_controller	4.2\(3q\)
cisco	application_policy_infrastructure_controller	4.2\(4i\)
cisco	application_policy_infrastructure_controller	4.2\(4k\)
cisco	application_policy_infrastructure_controller	4.2\(4o\)
cisco	application_policy_infrastructure_controller	4.2\(4p\)
cisco	application_policy_infrastructure_controller	4.2\(5k\)
cisco	application_policy_infrastructure_controller	4.2\(5l\)
cisco	application_policy_infrastructure_controller	4.2\(5n\)
cisco	application_policy_infrastructure_controller	4.2\(6d\)
cisco	application_policy_infrastructure_controller	4.2\(6g\)
cisco	application_policy_infrastructure_controller	4.2\(6h\)
cisco	application_policy_infrastructure_controller	4.2\(6l\)
cisco	application_policy_infrastructure_controller	4.2\(6o\)
cisco	application_policy_infrastructure_controller	4.2\(7f\)
cisco	application_policy_infrastructure_controller	4.2\(7l\)
cisco	application_policy_infrastructure_controller	4.2\(7q\)
cisco	application_policy_infrastructure_controller	4.2\(7r\)
cisco	application_policy_infrastructure_controller	4.2\(7s\)
cisco	application_policy_infrastructure_controller	4.2\(7t\)
cisco	application_policy_infrastructure_controller	4.2\(7u\)
cisco	application_policy_infrastructure_controller	4.2\(7v\)
cisco	application_policy_infrastructure_controller	4.2\(7w\)
cisco	application_policy_infrastructure_controller	5.0\(1k\)
cisco	application_policy_infrastructure_controller	5.0\(1l\)
cisco	application_policy_infrastructure_controller	5.0\(2e\)
cisco	application_policy_infrastructure_controller	5.0\(2h\)
cisco	application_policy_infrastructure_controller	5.1\(1h\)
cisco	application_policy_infrastructure_controller	5.1\(2e\)
cisco	application_policy_infrastructure_controller	5.1\(3e\)
cisco	application_policy_infrastructure_controller	5.1\(4c\)
cisco	application_policy_infrastructure_controller	5.2\(1g\)
cisco	application_policy_infrastructure_controller	5.2\(2e\)
cisco	application_policy_infrastructure_controller	5.2\(2f\)
cisco	application_policy_infrastructure_controller	5.2\(2g\)
cisco	application_policy_infrastructure_controller	5.2\(2h\)
cisco	application_policy_infrastructure_controller	5.2\(3e\)
cisco	application_policy_infrastructure_controller	5.2\(3f\)
cisco	application_policy_infrastructure_controller	5.2\(3g\)
cisco	application_policy_infrastructure_controller	5.2\(4d\)
cisco	application_policy_infrastructure_controller	5.2\(4e\)
cisco	application_policy_infrastructure_controller	5.2\(4f\)
cisco	application_policy_infrastructure_controller	5.2\(4h\)
cisco	application_policy_infrastructure_controller	5.2\(5c\)
cisco	application_policy_infrastructure_controller	5.2\(5d\)
cisco	application_policy_infrastructure_controller	5.2\(5e\)
cisco	application_policy_infrastructure_controller	5.2\(6e\)
cisco	application_policy_infrastructure_controller	5.2\(6g\)
cisco	application_policy_infrastructure_controller	5.2\(6h\)
cisco	application_policy_infrastructure_controller	5.2\(7f\)
cisco	application_policy_infrastructure_controller	5.2\(7g\)
cisco	application_policy_infrastructure_controller	5.2\(8d\)
cisco	application_policy_infrastructure_controller	5.2\(8e\)
cisco	application_policy_infrastructure_controller	5.2\(8f\)
cisco	application_policy_infrastructure_controller	5.2\(8g\)
cisco	application_policy_infrastructure_controller	5.2\(8h\)
cisco	application_policy_infrastructure_controller	5.2\(8i\)
cisco	application_policy_infrastructure_controller	5.3\(1d\)
cisco	application_policy_infrastructure_controller	5.3\(2a\)
cisco	application_policy_infrastructure_controller	5.3\(2b\)
cisco	application_policy_infrastructure_controller	5.3\(2c\)
cisco	application_policy_infrastructure_controller	6.0\(1g\)
cisco	application_policy_infrastructure_controller	6.0\(1j\)
cisco	application_policy_infrastructure_controller	6.0\(2h\)
cisco	application_policy_infrastructure_controller	6.0\(2j\)
cisco	application_policy_infrastructure_controller	6.0\(3d\)
cisco	application_policy_infrastructure_controller	6.0\(3e\)
cisco	application_policy_infrastructure_controller	6.0\(3g\)
cisco	application_policy_infrastructure_controller	6.0\(4c\)
cisco	application_policy_infrastructure_controller	6.0\(5h\)
cisco	application_policy_infrastructure_controller	6.0\(5j\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-250 - Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-priv-esc-uYQJjnuU