Cisco Application Policy Infrastructure Controller — known CVE vulnerabilities
Every CVE whose affected-product data names Cisco Application Policy Infrastructure Controller, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (34)
CVE-2021-1388 — CVSS 10.0 (critical): A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an…
CVE-2021-1396 — CVSS 9.8 (critical): Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to…
CVE-2021-1393 — CVSS 9.8 (critical): Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to…
CVE-2021-1577 — CVSS 9.1 (critical): A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy…
CVE-2023-20011 — CVSS 8.8 (high): A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network…
CVE-2021-1578 — CVSS 8.8 (high): A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy…
CVE-2021-1579 — CVSS 8.1 (high): A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy…
CVE-2017-6768 — CVSS 7.8 (high): A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy…
CVE-2019-1682 — CVSS 7.8 (high): A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an…
CVE-2015-6424 — CVSS 7.2 (high): The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access…
CVE-2019-1889 — CVSS 7.2 (high): A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could…
CVE-2017-6767 — CVSS 7.1 (high): A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher…
CVE-2017-12352 — CVSS 6.7 (medium): A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could…
CVE-2021-1580 — CVSS 6.5 (medium): Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC…
CVE-2019-1690 — CVSS 6.5 (medium): A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an…
CVE-2024-20478 — CVSS 6.5 (medium): A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network…
CVE-2016-6457 — CVSS 6.5 (medium): A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an…
CVE-2021-1581 — CVSS 6.5 (medium): Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC…
CVE-2019-1890 — CVSS 6.5 (medium): A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric…
CVE-2025-20119 — CVSS 6.0 (medium): A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical…
CVE-2020-3335 — CVSS 5.5 (medium): A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read…
CVE-2023-20230 — CVSS 5.4 (medium): A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow…
CVE-2019-1838 — CVSS 5.4 (medium): A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) could allow an…
CVE-2021-1582 — CVSS 5.4 (medium): A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an…
CVE-2020-3333 — CVSS 5.3 (medium): A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event…
CVE-2020-3139 — CVSS 5.3 (medium): A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure…
CVE-2019-1692 — CVSS 5.3 (medium): A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an…
CVE-2025-20117 — CVSS 5.1 (medium): A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the…
CVE-2025-20116 — CVSS 4.8 (medium): A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected…
CVE-2015-6333 — CVSS 4.6 (medium): Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an…
CVE-2019-1586 — CVSS 4.6 (medium): A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with…
CVE-2025-20118 — CVSS 4.4 (medium): A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access…
CVE-2024-20279 — CVSS 4.3 (medium): A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow…