製品・ソフトウェアに関する情報
Cisco Application Policy Infrastructure Controller ソフトウェアにおける情報漏えいに関する脆弱性
Title Cisco Application Policy Infrastructure Controller ソフトウェアにおける情報漏えいに関する脆弱性
Summary

Cisco Application Policy Infrastructure Controller (APIC) ソフトウェアには、情報漏えいに関する脆弱性が存在します。

Possible impacts 情報を取得される可能性があります。
Solution

ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。

Publication Date May 1, 2019, midnight
Registration Date May 31, 2019, 3:47 p.m.
Last Update May 31, 2019, 3:47 p.m.
CVSS3.0 : 警告
Score 5.3
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS2.0 : 警告
Score 5
Vector AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected System
シスコシステムズ
Cisco Application Policy Infrastructure Controller 
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
No Changed Details Date of change
1 [2019年05月31日]
  掲載
May 31, 2019, 3:47 p.m.

NVD Vulnerability Information
CVE-2019-1692
Summary

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certain components in the underlying Application Centric Infrastructure (ACI). An attacker could exploit this vulnerability by attempting to observe certain network traffic when accessing the APIC. A successful exploit could allow the attacker to access and collect certain tracking data and usage statistics on an affected device.

Publication Date May 4, 2019, 12:29 a.m.
Registration Date Jan. 26, 2021, 11:40 a.m.
Last Update Nov. 21, 2024, 1:37 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:a:cisco:application_policy_infrastructure_controller:8.3\(1\)s6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:* 4.1\(1i\)
Related information, measures and tools
Common Vulnerabilities List