PT-2019-2651 · Cisco · Cisco Application Policy Infrastructure Controller
Published 2019-07-03 · Updated 2020-10-16 · CVE-2019-1889
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco Application Policy Infrastructure Controller (APIC) Software (affected versions not specified)
Description
The issue is related to the implementation of the REST API in the Cisco Application Policy Infrastructure Controller, specifically with inadequate access restrictions to certain features. This could allow a remote attacker to escalate their privileges to the root level by uploading malicious software. The vulnerability is due to incomplete validation and error checking for the file path when specific software is uploaded.
Recommendations
For all affected versions, consider restricting access to the REST API to minimize the risk of exploitation until a patch is available.
As a temporary workaround, avoid using the REST API for software uploads until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Related Identifiers
Affected Products
Cisco Application Policy Infrastructure Controller