Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20230", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.369Z", "datePublished": "2023-08-23T18:21:39.489Z", "dateUpdated": "2024-10-01T15:53:16.612Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:58:26.252Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system.\r\n\r This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access."}], "affected": [{"vendor": "Cisco", "product": "Cisco Application Policy Infrastructure Controller (APIC)", "versions": [{"version": "5.2(6e)", "status": "affected"}, {"version": "5.2(6g)", "status": "affected"}, {"version": "5.2(7f)", "status": "affected"}, {"version": "5.2(7g)", "status": "affected"}, {"version": "6.0(1g)", "status": "affected"}, {"version": "6.0(1j)", "status": "affected"}, {"version": "6.0(2h)", "status": "affected"}, {"version": "6.0(2j)", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Access Control", "type": "cwe", "cweId": "CWE-284"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-uapa-F4TAShk", "name": "cisco-sa-apic-uapa-F4TAShk"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-apic-uapa-F4TAShk", "discovery": "INTERNAL", "defects": ["CSCwe56828"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:05:35.936Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-uapa-F4TAShk", "name": "cisco-sa-apic-uapa-F4TAShk", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-01T15:11:19.252551Z", "id": "CVE-2023-20230", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-01T15:53:16.612Z"}}]}} 
ReportizFlow
MITRE
Vulnrichment
NVD
Redhat