CVE-2026-20107
Insufficient Input Validation in Cisco APIC CLI Causes DoS
Publication date: 2026-02-25
Last updated on: 2026-02-25
Assigner: Cisco Systems, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | application_policy_infrastructure_controller | * |
| cisco | application_policy_infrastructure_controller | From 6.1 (inc) to 6.1(4h) (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1220 | The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
Can you explain this vulnerability to me?
This vulnerability exists in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC). It allows an authenticated local attacker, who has any role with CLI access, to cause the affected device to reload unexpectedly. This happens because of insufficient input validation, which means the attacker can issue specially crafted commands at the CLI prompt to trigger the device reload.
How can this vulnerability impact me?
The primary impact of this vulnerability is a denial of service (DoS) condition. An attacker with valid credentials and CLI access can cause the device to reload unexpectedly, disrupting normal operations and potentially causing downtime.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability requires an authenticated local attacker with CLI access to exploit it by issuing specially crafted commands at the CLI prompt. Detection would involve monitoring for unusual or unexpected CLI commands that could trigger a device reload.
However, no specific detection commands or network detection methods are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
Cisco recommends upgrading to the fixed software releases to fully remediate this vulnerability.
- Ensure that only trusted users have CLI access, as the attacker must have valid user credentials and CLI access.
- Monitor for any unexpected device reloads that could indicate exploitation attempts.
No workarounds are available, so applying the software update is the primary mitigation step.