CVE-2019-1586: Cisco Application Policy Infrastructure Controller Recoverable Encryption Key Vulnerability
First published: Fri May 03 2019(Updated: )
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Application Policy Infrastructure Controller | =4.1\(0.90a\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-1586 vulnerability?
CVE-2019-1586 is a vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software that could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device.
How can an attacker exploit CVE-2019-1586?
An attacker with physical access to the affected device can exploit CVE-2019-1586 to obtain sensitive information by insecurely removing cleartext encryption keys stored locally.
What is the severity of CVE-2019-1586?
CVE-2019-1586 has a severity rating of medium with a CVSS score of 4.6.
Is there a fix for CVE-2019-1586 vulnerability?
Yes, Cisco has provided a security advisory that contains information on software updates to address the vulnerability. Please refer to the reference links provided for more details.
Where can I find more information about CVE-2019-1586?
You can find more information about CVE-2019-1586 on the Cisco Security Advisory and the SecurityFocus website. Please refer to the reference links provided for direct access to the information.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/title
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco application policy infrastructure controller
- version/cisco application policy infrastructure controller/4.1\(0.90a\)