发布日期：2023-08-23

更新日期：2023-10-25

受影响系统：

Cisco Cisco Application Policy Infrastructure Controller >= 6.0

Cisco Cisco Application Policy Infrastructure Controller >= 5.2

Cisco Cisco Application Policy Infrastructure Controller < 6.0\(3d\)

Cisco Cisco Application Policy Infrastructure Controller < 5.2\(8d\)

描述：

CVE(CAN) ID: CVE-2023-20230

Cisco Application Policy Infrastructure Controller（APIC）是美国思科（Cisco）公司的一款自动化的基础架构部署和治理解决方案。

Cisco Application Policy Infrastructure Controller 5.2至5.2\(8d\)之前版本和6.0至6.0\(3d\)之前版本存在权限分配错误漏洞，该漏洞源于访问控制错误漏洞，攻击者可利用该漏洞读取、修改或删除用户创建的策略。

< *链接：https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-uapa-F4T

*>

建议：

厂商补丁：

Cisco

-----

Cisco已经为此发布了一个安全公告（cisco-sa-apic-uapa-F4TAShk）以及相应补丁:

cisco-sa-apic-uapa-F4TAShk：Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability

链接：https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-uapa-F4TAShk

浏览次数：11

严重程度：0（网友投票）