CVE-2023-20011 (application_policy_infrastructure_controller, cloud_network_controller)

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could …

apic application attack cisco cloud cross-site cross-site request forgery csrf cve exploit forgery infrastructure interface link malicious management network policy request system the web vulnerability web