CVE-2019-1586

Name of the Vulnerable Software and Affected Versions Cisco Application Policy Infrastructure Controller (APIC) Software (affected versions not specified)

Description A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The issue is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this by retrieving data from the physical disk on the affected partition(s), potentially allowing them to retrieve encryption keys and further decrypt other data and sensitive information on the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.