发布日期：2023-08-23
更新日期：2023-10-25

受影响系统：

Cisco Cisco Application Policy Infrastructure Controller >= 6.0
Cisco Cisco Application Policy Infrastructure Controller >= 5.2
Cisco Cisco Application Policy Infrastructure Controller < 6.0\(3d\)
Cisco Cisco Application Policy Infrastructure Controller < 5.2\(8d\)

描述：

---

CVE(CAN) ID: CVE-2023-20230

Cisco Application Policy Infrastructure Controller（APIC）是美国思科（Cisco）公司的一款自动化的基础架构部署和治理解决方案。
Cisco Application Policy Infrastructure Controller 5.2至5.2\(8d\)之前版本和6.0至6.0\(3d\)之前版本存在权限分配错误漏洞，该漏洞源于访问控制错误漏洞，攻击者可利用该漏洞读取、修改或删除用户创建的策略。

<*链接：https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-uapa-F4T
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-apic-uapa-F4TAShk）以及相应补丁:
cisco-sa-apic-uapa-F4TAShk：Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability
链接：https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-uapa-F4TAShk

浏览次数：317
严重程度：0（网友投票）