CVE-2021-1584
CVSS V2 High 7.2
CVSS V3 Medium 6.7
Description
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root.
Overview
- CVE ID
- CVE-2021-1584
- Assigner
- ykramarz@cisco.com
- Vulnerability Status
- Analyzed
- Published Version
- 2021-08-25T20:15:11
- Last Modified Date
- 2021-09-21T18:12:21
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:o:cisco:nx-os:14.2\(7f\):*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9364c-gx:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:* | 0 | OR | ||
| cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- Access Vector
- LOCAL
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 7.2
- Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 10
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- LOCAL
- Attack Compatibility
- LOW
- Privileges Required
- HIGH
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 6.7
- Base Severity
- MEDIUM
- Exploitability Score
- 0.8
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-mdvul-vrKVgNU | Patch Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2021-1584 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1584 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 06:54:14 | Added to TrackCVE | |||
| 2022-12-05 09:06:18 | psirt@cisco.com | ykramarz@cisco.com | CVE Assigner | updated |
| 2022-12-05 09:06:18 | 2021-08-25T20:15Z | 2021-08-25T20:15:11 | CVE Published Date | updated |
| 2022-12-05 09:06:18 | 2021-09-21T18:12:21 | CVE Modified Date | updated | |
| 2022-12-05 09:06:18 | Analyzed | Vulnerability Status | updated |