First published: Fri May 03 2019(Updated: )
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Application Policy Infrastructure Controller | =4.1\(0.90a\) | |
=4.1\(0.90a\) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-1586 is a vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software that could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device.
An attacker with physical access to the affected device can exploit CVE-2019-1586 to obtain sensitive information by insecurely removing cleartext encryption keys stored locally.
CVE-2019-1586 has a severity rating of medium with a CVSS score of 4.6.
Yes, Cisco has provided a security advisory that contains information on software updates to address the vulnerability. Please refer to the reference links provided for more details.
You can find more information about CVE-2019-1586 on the Cisco Security Advisory and the SecurityFocus website. Please refer to the reference links provided for direct access to the information.