A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default.
References
| Link | Resource |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
History
No history.
Information
Published : 2021-02-24 20:15
Updated : 2024-02-04 21:23
NVD link : CVE-2021-1227
Mitre link : CVE-2021-1227
CVE.ORG link : CVE-2021-1227
JSON object : View
Products Affected
cisco
- mds_9710
- nexus_36180yc-r
- nexus_5548up
- nexus_5672up-16g
- mds_9148s
- nexus_3636c-r
- nexus_3264c-e
- nexus_3264q
- nexus_31108tc-v
- mds_9250i
- nexus_9300
- nexus_3048
- mds_9706
- nexus_5624q
- nexus_56128p
- nexus_31128pq
- nexus_3132c-z
- nexus_3172pq-xl
- nexus_3232c
- nexus_3548-xl
- nexus_9500
- nexus_7700
- nexus_34180yc
- nexus_3524-x
- nexus_6004
- nexus_3432d-s
- nexus_3132q-x
- nexus_5596t
- nexus_3164q
- nexus_5648q
- nexus_3172pq
- nexus_9200
- nexus_5696q
- nexus_5596up
- nexus_5548p
- nexus_6001
- nexus_3548-x
- nexus_3408-s
- nexus_7000
- nexus_3464c
- nexus_3524-xl
- nexus_5672up
- nx-os
- nexus_31108pv-v
- nexus_3132q-v
- nexus_3132q-xl
CWE
CWE-352
Cross-Site Request Forgery (CSRF)