CVE-2021-1584

CVE Database · CVE-2021-1584

CVE-2021-1584

· MEDIUMModified

CVSS v3.1

6.0

EPSS

0.45%

Published

Aug 25, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Weaknesses (CWE)

CWE-78CWE-78

Affected Products (42)

cisco · nx-osvulnerable

cisco · nexus_9000

cisco · nexus_9000v

cisco · nexus_92160yc-x

cisco · nexus_92300yc

cisco · nexus_92304qc

cisco · nexus_92348gc-x

cisco · nexus_9236c

cisco · nexus_9272q

cisco · nexus_93108tc-ex

cisco · nexus_93108tc-ex-24

cisco · nexus_93108tc-fx

cisco · nexus_93108tc-fx-24

· nexus_93108tc-fx3p

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-mdvul-vrKVgNU

PatchVendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-mdvul-vrKVgNU

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs