1. Home
  2. CVE Database
  3. CVE-2021-1584
MEDIUM · 6.0

CVE-2021-1584

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. Th...

Vulnerability Description

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root.

CVSS Score

6.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
CiscoNx-Os14.2\(7f\)
CiscoNexus 9000-
CiscoNexus 9000V-
CiscoNexus 92160Yc-X-
CiscoNexus 92300Yc-
CiscoNexus 92304Qc-
CiscoNexus 92348Gc-X-
CiscoNexus 9236C-
CiscoNexus 9272Q-
CiscoNexus 93108Tc-Ex-
CiscoNexus 93108Tc-Ex-24-
CiscoNexus 93108Tc-Fx-
CiscoNexus 93108Tc-Fx-24-
CiscoNexus 93108Tc-Fx3P-
CiscoNexus 93120Tx-
CiscoNexus 93128Tx-
CiscoNexus 9316D-Gx-
CiscoNexus 93180Lc-Ex-
CiscoNexus 93180Yc-Ex-
CiscoNexus 93180Yc-Ex-24-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2021-1584?

CVE-2021-1584 is a vulnerability with a CVSS score of 6.0 (MEDIUM). A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. Th...

How severe is CVE-2021-1584?

CVE-2021-1584 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-1584?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 9000, Cisco Nexus 9000V, Cisco Nexus 92160Yc-X, Cisco Nexus 92300Yc.