PT-2023-5035 · Cisco · Cisco Application Policy Infrastructure Controller

Published: 2023-08-23 · Updated: 2024-01-25 · CVE-2023-20230

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Cisco Application Policy Infrastructure Controller (affected versions not specified)
Description: The issue is related to improper access control in the restricted security domain implementation, allowing an authenticated, remote attacker to read, modify, or delete non-tenant policies, such as access policies, created by users associated with a different security domain. This could be exploited by an attacker with a valid user account associated with a restricted security domain. The vulnerability does not affect policies under tenants that an attacker has no authorization to access.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2023-05578
CVE-2023-20230

Affected Products

Cisco Application Policy Infrastructure Controller