Vulnerability Bulletins

Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability

System information

Affected software Cisco


A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries.

More info:

Standar resources

Property Value
CVE CVE-2023-20230.

Version history

Version Comments Date
1.0 Advisory issued 2023-08-24
Ministerio de Defensa