First published: Fri May 03 2019(Updated: )
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certain components in the underlying Application Centric Infrastructure (ACI). An attacker could exploit this vulnerability by attempting to observe certain network traffic when accessing the APIC. A successful exploit could allow the attacker to access and collect certain tracking data and usage statistics on an affected device.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Application Policy Infrastructure Controller | <4.1\(1i\) | |
Cisco Application Policy Infrastructure Controller | =8.3\(1\)s6 | |
<4.1\(1i\) | ||
=8.3\(1\)s6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-1692 is a vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software that could allow an unauthenticated, remote attacker to access sensitive system usage information.
CVE-2019-1692 could allow an unauthenticated, remote attacker to access sensitive system usage information in the Cisco Application Policy Infrastructure Controller.
CVE-2019-1692 has a severity rating of 5.3, which is considered medium.
An attacker can exploit CVE-2019-1692 by accessing the web-based management interface of Cisco APIC Software and bypassing proper data protection mechanisms to gain access to sensitive system usage information.
Yes, Cisco has released a security advisory with mitigations and software updates to address the vulnerability. Please refer to the Cisco Security Advisory for more information.