What is CVE-2023-20230?

CVE-2023-20230 is a medium-severity vulnerability in Cisco Application Policy Infrastructure Controller (Apic), classified under Improper Access Control. CVSS score: 5.4/10. Published 2023-08-23.

How severe is CVE-2023-20230?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Vulnerability in Cisco Application Policy Infrastructure Controller (Apic)

CVE-2023-20230

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access…

EPSS: 0.002 (46.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.

Affected products

Cisco Application Policy Infrastructure Controller (Apic) — versions 5.2(6e), 5.2(6g), 5.2(7f)

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

cisco-sa-apic-uapa-F4TAShk

Frequently asked questions

What is CVE-2023-20230?: CVE-2023-20230 is a medium-severity vulnerability in Cisco Application Policy Infrastructure Controller (Apic), classified under Improper Access Control. CVSS score: 5.4/10. Published 2023-08-23.
How severe is CVE-2023-20230?: Medium severity. CVSS v3 base score is 5.4 out of 10.