From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Description:
   - Vulnerability Name: Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability
   - Vulnerability ID: cisco-sa-capic-priv-esc-uYQJnuU
   - CVE Number: CVE-2024-20478
   - CWE Number: CWE-250
   - CVSS Score: Base 6.5

2. Affected Products:
   - Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller
   - Versions: 5.3, 6.0, 6.1

3. Vulnerability Impact:
   - Description: Allows a remote attacker with administrative privileges to install a modified software image, leading to arbitrary code injection.
   - Cause: Insufficient signature validation in the software upgrade component.
   - Mitigation: Users are advised to regularly check Cisco’s security advisories to determine exposure and obtain complete remediation solutions.

4. Affected Software Versions:
   - Affected Versions: 5.3, 6.0, 6.1
   - Fixed Versions: 5.3(2d), 6.0(6c)

5. Affected Product Status:
   - Cisco Cloud Network Controller: Has reached end-of-life and no longer receives software updates.

6. Security Policy:
   - Links to Cisco’s security vulnerability disclosure policy and security notification subscription are provided.

7. Source:
   - Acknowledges Sara Veterini, Gianluca Roascio, and Giacomo Gloria from the Italian National Cybersecurity Agency (ACN) for discovering and reporting this vulnerability.

8. Revision History:
   - Version 1.0: Initial public release, status: Final.

9. Disclaimer:
   - The document is provided “AS IS” without any warranty or guarantee, including but not limited to implied warranties of merchantability or fitness for a particular purpose.

This information helps users understand the vulnerability details, affected products and versions, mitigation steps, and related security policies.