CVE-2021-1583

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker with Administrator privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to read arbitrary files on the file system of the affected device.

CVSS v3 4.4 MEDIUM
CVSS v2.0 2.1 LOW

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-afr-UtjfO2D7	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:nx-os:14.2\(7f\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:nexus_9000:-:::::::*
	cpe:2.3:h:cisco:nexus_9000v:-:::::::*
	cpe:2.3:h:cisco:nexus_92160yc-x:-:::::::*
	cpe:2.3:h:cisco:nexus_92300yc:-:::::::*
	cpe:2.3:h:cisco:nexus_92304qc:-:::::::*
	cpe:2.3:h:cisco:nexus_92348gc-x:-:::::::*
	cpe:2.3:h:cisco:nexus_9236c:-:::::::*
	cpe:2.3:h:cisco:nexus_9272q:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-fx:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:::::::*
	cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:::::::*
	cpe:2.3:h:cisco:nexus_93120tx:-:::::::*
	cpe:2.3:h:cisco:nexus_93128tx:-:::::::*
	cpe:2.3:h:cisco:nexus_9316d-gx:-:::::::*
	cpe:2.3:h:cisco:nexus_93180lc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-ex:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-fx:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-fx3:-:::::::*
	cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:::::::*
	cpe:2.3:h:cisco:nexus_93216tc-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_93240yc-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_9332c:-:::::::*
	cpe:2.3:h:cisco:nexus_9332pq:-:::::::*
	cpe:2.3:h:cisco:nexus_93360yc-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_9336c-fx2:-:::::::*
	cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:::::::*
	cpe:2.3:h:cisco:nexus_9348gc-fxp:-:::::::*
	cpe:2.3:h:cisco:nexus_93600cd-gx:-:::::::*
	cpe:2.3:h:cisco:nexus_9364c:-:::::::*
	cpe:2.3:h:cisco:nexus_9364c-gx:-:::::::*
	cpe:2.3:h:cisco:nexus_9372px:-:::::::*
	cpe:2.3:h:cisco:nexus_9372px-e:-:::::::*
	cpe:2.3:h:cisco:nexus_9372tx:-:::::::*
	cpe:2.3:h:cisco:nexus_9372tx-e:-:::::::*
	cpe:2.3:h:cisco:nexus_9396px:-:::::::*
	cpe:2.3:h:cisco:nexus_9396tx:-:::::::*
	cpe:2.3:h:cisco:nexus_9508:-:::::::*

History

21 Oct 2022, 19:33

Type	Values Removed	Values Added
CWE	~~CWE-863~~	NVD-CWE-Other

02 Sep 2021, 20:41

Type	Values Removed	Values Added
References	~~(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-afr-UtjfO2D7 -~~	(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-afr-UtjfO2D7 - Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 4.4
CPE		cpe:2.3:h:cisco:nexus_9000:-:::::::* cpe:2.3:h:cisco:nexus_9332c:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:::::::* cpe:2.3:h:cisco:nexus_9348gc-fxp:-:::::::* cpe:2.3:h:cisco:nexus_9372px-e:-:::::::* cpe:2.3:h:cisco:nexus_9332pq:-:::::::* cpe:2.3:h:cisco:nexus_9272q:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:::::::* cpe:2.3:h:cisco:nexus_93600cd-gx:-:::::::* cpe:2.3:h:cisco:nexus_9372tx:-:::::::* cpe:2.3:h:cisco:nexus_9316d-gx:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-fx:-:::::::* cpe:2.3:h:cisco:nexus_93120tx:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-ex-24:-:::::::* cpe:2.3:h:cisco:nexus_9396tx:-:::::::* cpe:2.3:h:cisco:nexus_93360yc-fx2:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-fx-24:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-fx:-:::::::* cpe:2.3:h:cisco:nexus_9000v:-:::::::* cpe:2.3:h:cisco:nexus_9364c:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-ex-24:-:::::::* cpe:2.3:h:cisco:nexus_93180lc-ex:-:::::::* cpe:2.3:h:cisco:nexus_93128tx:-:::::::* cpe:2.3:h:cisco:nexus_92160yc-x:-:::::::* cpe:2.3:h:cisco:nexus_9396px:-:::::::* cpe:2.3:h:cisco:nexus_9236c:-:::::::* cpe:2.3:h:cisco:nexus_93108tc-ex:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-fx-24:-:::::::* cpe:2.3:h:cisco:nexus_9336c-fx2:-:::::::* cpe:2.3:h:cisco:nexus_92304qc:-:::::::* cpe:2.3:h:cisco:nexus_9508:-:::::::* cpe:2.3:h:cisco:nexus_92300yc:-:::::::* cpe:2.3:o:cisco:nx-os:14.2\(7f\):::::::* cpe:2.3:h:cisco:nexus_93240yc-fx2:-:::::::* cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:::::::* cpe:2.3:h:cisco:nexus_9372px:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-fx3:-:::::::* cpe:2.3:h:cisco:nexus_9372tx-e:-:::::::* cpe:2.3:h:cisco:nexus_92348gc-x:-:::::::* cpe:2.3:h:cisco:nexus_93216tc-fx2:-:::::::* cpe:2.3:h:cisco:nexus_93180yc-ex:-:::::::* cpe:2.3:h:cisco:nexus_9364c-gx:-:::::::*
CWE		CWE-863

25 Aug 2021, 20:27

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-08-25 20:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-1583

Mitre link : CVE-2021-1583

CVE.ORG link : CVE-2021-1583

JSON object : View

Products Affected

cisco

nexus_9372px-e
nexus_9508
nexus_92348gc-x
nexus_93108tc-fx3p
nexus_9332c
nexus_93108tc-ex
nexus_93180lc-ex
nexus_93240yc-fx2
nexus_9396px
nexus_93180yc-fx-24
nexus_9348gc-fxp
nexus_9364c-gx
nexus_9372px
nexus_93108tc-fx-24
nexus_93180yc-fx
nexus_93108tc-ex-24
nexus_9364c
nexus_93180yc-fx3s
nexus_92300yc
nexus_9000
nexus_9000v
nexus_93360yc-fx2
nexus_9272q
nexus_9396tx
nexus_92304qc
nexus_9236c
nexus_93180yc-ex
nexus_9332pq
nexus_9336c-fx2
nexus_93600cd-gx
nexus_9372tx
nexus_93108tc-fx
nexus_93180yc-fx3
nexus_93216tc-fx2
nexus_9336c-fx2-e
nexus_93180yc-ex-24
nexus_92160yc-x
nx-os
nexus_93128tx
nexus_93120tx
nexus_9372tx-e
nexus_9316d-gx

CWE

NVD-CWE-Other CWE-284

Improper Access Control

4.4 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-1583

4.4^/10

2.1^/10

Attach tags to `CVE-2021-1583`