1. Home
  2. CVE Database
  3. CVE-2021-1583
MEDIUM · 4.4

CVE-2021-1583

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local ...

Vulnerability Description

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker with Administrator privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to read arbitrary files on the file system of the affected device.

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
CiscoNx-Os14.2\(7f\)
CiscoNexus 9000-
CiscoNexus 9000V-
CiscoNexus 92160Yc-X-
CiscoNexus 92300Yc-
CiscoNexus 92304Qc-
CiscoNexus 92348Gc-X-
CiscoNexus 9236C-
CiscoNexus 9272Q-
CiscoNexus 93108Tc-Ex-
CiscoNexus 93108Tc-Ex-24-
CiscoNexus 93108Tc-Fx-
CiscoNexus 93108Tc-Fx-24-
CiscoNexus 93108Tc-Fx3P-
CiscoNexus 93120Tx-
CiscoNexus 93128Tx-
CiscoNexus 9316D-Gx-
CiscoNexus 93180Lc-Ex-
CiscoNexus 93180Yc-Ex-
CiscoNexus 93180Yc-Ex-24-

Related Weaknesses (CWE)

CWE-284

References

FAQ

What is CVE-2021-1583?

CVE-2021-1583 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local ...

How severe is CVE-2021-1583?

CVE-2021-1583 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-1583?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 9000, Cisco Nexus 9000V, Cisco Nexus 92160Yc-X, Cisco Nexus 92300Yc.