Cisco APIC Multiple Vulnerabilities (cisco-sa-apic-multi-vulns-9ummtg5)

medium Nessus Plugin ID 216917

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco Application Policy Infrastructure Controller is affected by multiple vulnerabilities.

- A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to a race condition in the handling of system files. An attacker could exploit this vulnerability by performing specific operations on the file system. A successful exploit could allow the attacker to overwrite system files, which could lead to the device being in an inconsistent state and cause a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. (CVE-2025-20119)

- A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information. (CVE-2025-20116)

- A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. (CVE-2025-20117)

- A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient masking of sensitive information that is displayed through system CLI commands. An attacker could exploit this vulnerability by using reconnaissance techniques at the device CLI. A successful exploit could allow the attacker to access sensitive information on an affected device that could be used for additional attacks. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. (CVE-2025-20118)

Please see the included Cisco bug IDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwk18862, CSCwk18863, CSCwk18864, and CSCwk18865.

See Also

http://www.nessus.org/u?0ae11ce5

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk18862

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk18863

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk18864

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwk18865

Plugin Details

Severity: Medium

ID: 216917

File Name: cisco-sa-apic-multi-vulns-9ummtg5.nasl

Version: 1.1

Type: remote

Family: CISCO

Published: 2/27/2025

Updated: 2/27/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.7

CVSS v2

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 4.4

Vector: CVSS2#AV:L/AC:L/Au:M/C:N/I:C/A:C

CVSS Score Source: CVE-2025-20119

CVSS v3

Risk Factor: Medium

Base Score: 6

Temporal Score: 5.2

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:application_policy_infrastructure_controller

Required KB Items: installed_sw/Cisco APIC Software

Exploit Ease: No known exploits are available

Patch Publication Date: 2/26/2025

Vulnerability Publication Date: 2/26/2025

Reference Information

CVE: CVE-2025-20116, CVE-2025-20117, CVE-2025-20118, CVE-2025-20119

CWE: 77, 79

CISCO-SA: cisco-sa-apic-multi-vulns-9ummtg5

IAVA: 2025-A-0136

CISCO-BUG-ID: CSCwk18862, CSCwk18863, CSCwk18864, CSCwk18865