Cisco Application Policy Infrastructure Controller ソフトウェアにおける情報漏えいに関する脆弱性
| Title |
Cisco Application Policy Infrastructure Controller ソフトウェアにおける情報漏えいに関する脆弱性
|
| Summary |
Cisco Application Policy Infrastructure Controller (APIC) ソフトウェアには、情報漏えいに関する脆弱性が存在します。
|
| Possible impacts |
情報を取得される可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
May 1, 2019, midnight |
| Registration Date |
May 31, 2019, 3:47 p.m. |
| Last Update |
May 31, 2019, 3:47 p.m. |
|
CVSS3.0 : 警告
|
| Score |
5.3
|
| Vector |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
CVSS2.0 : 警告
|
| Score |
5
|
| Vector |
AV:N/AC:L/Au:N/C:P/I:N/A:N |
Affected System
| シスコシステムズ |
|
Cisco Application Policy Infrastructure Controller
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2019年05月31日] 掲載 |
May 31, 2019, 3:47 p.m. |
NVD Vulnerability Information
CVE-2019-1692
| Summary |
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certain components in the underlying Application Centric Infrastructure (ACI). An attacker could exploit this vulnerability by attempting to observe certain network traffic when accessing the APIC. A successful exploit could allow the attacker to access and collect certain tracking data and usage statistics on an affected device.
|
| Publication Date |
May 4, 2019, 12:29 a.m. |
| Registration Date |
Jan. 26, 2021, 11:40 a.m. |
| Last Update |
Nov. 21, 2024, 1:37 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:cisco:application_policy_infrastructure_controller:8.3\(1\)s6:*:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:* |
|
|
|
4.1\(1i\) |
Related information, measures and tools
Common Vulnerabilities List