Auth bypass in Cisco Application Policy Infrastructure Controller (Apic)
CVE-2020-3333
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who m…
Vulnerability class: Broken Authentication
EPSS: 0.006 (68.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.
Affected products
- Cisco Application Policy Infrastructure Controller (Apic) — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 20200603 Cisco Application Services Engine Software Unauthenticated Event Policies Update Vulnerability (vendor-advisory, x_refsource_CISCO)
Frequently asked questions
- What is CVE-2020-3333?
- CVE-2020-3333 is a medium-severity vulnerability in Cisco Application Policy Infrastructure Controller (Apic), classified under Missing Authentication for Critical Function. CVSS score: 5.3/10. Published 2020-06-03.
- How severe is CVE-2020-3333?
- Medium severity. CVSS v3 base score is 5.3 out of 10.
- Is CVE-2020-3333 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.