CVE-2021-1591

EPSS 0.29%
Veröffentlicht 25.08.2021 20:15:11
Zuletzt bearbeitet 21.11.2024 05:44:41
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are configured on an affected device. This vulnerability is due to oversubscription of resources that occurs when applying ACLs to port channel interfaces. An attacker could exploit this vulnerability by attempting to access network resources that are protected by the ACL. A successful exploit could allow the attacker to access network resources that would be protected by the ACL that was applied on the port channel interface.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Nx-os Version9.3(4)

   Cisco ≫ Nexus 9500 16-slot Version-
   Cisco ≫ Nexus 9500 4-slot Version-
   Cisco ≫ Nexus 9500 8-slot Version-
   Cisco ≫ Nexus 9504 Version-
   Cisco ≫ Nexus 9508 Version-
   Cisco ≫ Nexus 9516 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.496

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
psirt@cisco.com	5.8	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-acl-vrvQYPVe

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-1591

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-1591

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-1591

EUVD