{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20107", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.372Z", "datePublished": "2026-02-25T16:14:33.988Z", "dateUpdated": "2026-02-25T19:05:49.359Z"}, "containers": {"cna": {"title": "Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have valid user credentials and any role that includes CLI access.\r\n\r\nThis vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by issuing crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-dos-rNus8EFw", "name": "cisco-sa-apic-dos-rNus8EFw"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-apic-dos-rNus8EFw", "discovery": "INTERNAL", "defects": ["CSCwo92613"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Insufficient Granularity of Access Control", "type": "cwe", "cweId": "CWE-1220"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Application Policy Infrastructure Controller (APIC)", "versions": [{"version": "6.1(1f)", "status": "affected"}, {"version": "6.1(2f)", "status": "affected"}, {"version": "6.1(2g)", "status": "affected"}, {"version": "6.1(3f)", "status": "affected"}, {"version": "6.1(3g)", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-02-25T16:14:33.988Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20107", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-25T18:18:52.201612Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T19:05:49.359Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20107", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-25T18:18:52.201612Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T18:17:51.641Z"}}], "cna": {"title": "Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability", "source": {"defects": ["CSCwo92613"], "advisory": "cisco-sa-apic-dos-rNus8EFw", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Application Policy Infrastructure Controller (APIC)", "versions": [{"status": "affected", "version": "6.1(1f)"}, {"status": "affected", "version": "6.1(2f)"}, {"status": "affected", "version": "6.1(2g)"}, {"status": "affected", "version": "6.1(3f)"}, {"status": "affected", "version": "6.1(3g)"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-dos-rNus8EFw", "name": "cisco-sa-apic-dos-rNus8EFw"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have valid user credentials and any role that includes CLI access.\r\n\r\nThis vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by issuing crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-1220", "description": "Insufficient Granularity of Access Control"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-02-25T16:14:33.988Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20107", "state": "PUBLISHED", "dateUpdated": "2026-02-25T19:05:49.359Z", "dateReserved": "2025-10-08T11:59:15.372Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-02-25T16:14:33.988Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have valid user credentials and any role that includes CLI access.\r\n\r\nThis vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by issuing crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en el componente CLI del Modelo de Objetos de Cisco Application Policy Infrastructure Controller (APIC) podr\u00eda permitir a un atacante local autenticado causar que un dispositivo afectado se recargue inesperadamente, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Para explotar esta vulnerabilidad, el atacante debe tener credenciales de usuario v\u00e1lidas y cualquier rol que incluya acceso CLI.\n\nEsta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda explotar esta vulnerabilidad emitiendo comandos manipulados en el indicador de la CLI. Un exploit exitoso podr\u00eda permitir al atacante causar que el dispositivo se recargue, lo que resultar\u00eda en una condici\u00f3n de DoS."}], "id": "CVE-2026-20107", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-02-25T17:25:27.990", "references": [{"source": "psirt@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-dos-rNus8EFw"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1220"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.1(1f)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.1(2f)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.1(2g)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.1(3f)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.1(3g)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Cisco Application Policy Infrastructure Controller (APIC)", "source": "cna", "vendor": "Cisco"}, "product": "application_policy_infrastructure_controller_(apic)", "vendor": "cisco"}], "analysis": {"en": {"generated_at": "2026-04-17T15:09:06.428019+00:00", "value": {"mitigation_remediation": ["Apply the latest Cisco APIC firmware or patch that addresses the CLI input validation flaw.", "Restrict CLI access by assigning minimal\u2011privilege roles, ensuring only trusted users can execute commands at the CLI prompt.", "Enable and monitor system logs for unexpected reload events or unauthorized CLI commands and review access logs for anomalous activity."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Cisco\u2019s Application Policy Infrastructure Controller is affected. The vulnerability applies to any instance where a user has valid credentials and a role that grants CLI access. No specific version ranges are listed, so all deployed APIC appliances with the affected CLI component are potentially vulnerable.", "description_and_impact": "The vulnerability resides in the Object Model CLI component of Cisco Application Policy Infrastructure Controller and allows an authenticated, local attacker possessing any role with CLI access to issue crafted commands that trigger an unexpected device reload. This reload causes a denial\u2011of\u2011service condition, disrupting normal controller operation. The weakness stems from insufficient input validation of CLI commands.", "risk_and_exploitability": "The CVSS score of 5.5 places this issue in the medium severity range. The EPSS indicates a very low likelihood of exploitation, reflecting that only users with local CLI access can launch the attack. The vulnerability is not present in the CISA KEV catalog, suggesting it has not been observed in the wild. Exploitation requires credential compromise or lateral movement to an account with CLI privileges; an attacker can then issue a single crafted command to trigger a reload and achieve a local denial of service."}}}}, "created": "2026-02-26T13:15:32.951228+00:00", "updated": "2026-04-17T15:15:21.851586+00:00", "vendors": ["cisco", "cisco$PRODUCT$application_policy_infrastructure_controller_(apic)"]}