CVE-2021-1584

EPSS 0.11%
Published 25.08.2021 20:15:11
Last modified 21.11.2024 05:44:40
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Nx-os Version14.2(7f)

   Cisco ≫ Nexus 9000 Version-
   Cisco ≫ Nexus 9000v Version-
   Cisco ≫ Nexus 92160yc-x Version-
   Cisco ≫ Nexus 92300yc Version-
   Cisco ≫ Nexus 92304qc Version-
   Cisco ≫ Nexus 92348gc-x Version-
   Cisco ≫ Nexus 9236c Version-
   Cisco ≫ Nexus 9272q Version-
   Cisco ≫ Nexus 93108tc-ex Version-
   Cisco ≫ Nexus 93108tc-ex-24 Version-
   Cisco ≫ Nexus 93108tc-fx Version-
   Cisco ≫ Nexus 93108tc-fx-24 Version-
   Cisco ≫ Nexus 93108tc-fx3p Version-
   Cisco ≫ Nexus 93120tx Version-
   Cisco ≫ Nexus 93128tx Version-
   Cisco ≫ Nexus 9316d-gx Version-
   Cisco ≫ Nexus 93180lc-ex Version-
   Cisco ≫ Nexus 93180yc-ex Version-
   Cisco ≫ Nexus 93180yc-ex-24 Version-
   Cisco ≫ Nexus 93180yc-fx Version-
   Cisco ≫ Nexus 93180yc-fx-24 Version-
   Cisco ≫ Nexus 93180yc-fx3 Version-
   Cisco ≫ Nexus 93180yc-fx3s Version-
   Cisco ≫ Nexus 93216tc-fx2 Version-
   Cisco ≫ Nexus 93240yc-fx2 Version-
   Cisco ≫ Nexus 9332c Version-
   Cisco ≫ Nexus 9332pq Version-
   Cisco ≫ Nexus 93360yc-fx2 Version-
   Cisco ≫ Nexus 9336c-fx2 Version-
   Cisco ≫ Nexus 9336c-fx2-e Version-
   Cisco ≫ Nexus 9348gc-fxp Version-
   Cisco ≫ Nexus 93600cd-gx Version-
   Cisco ≫ Nexus 9364c Version-
   Cisco ≫ Nexus 9364c-gx Version-
   Cisco ≫ Nexus 9372px Version-
   Cisco ≫ Nexus 9372px-e Version-
   Cisco ≫ Nexus 9372tx Version-
   Cisco ≫ Nexus 9372tx-e Version-
   Cisco ≫ Nexus 9396px Version-
   Cisco ≫ Nexus 9396tx Version-
   Cisco ≫ Nexus 9508 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.301

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
psirt@cisco.com	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-mdvul-vrKVgNU

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-1584

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-1584

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-1584

EUVD