1. Home
  2. CVE Database
  3. CVE-2021-1586
HIGH · 8.6

CVE-2021-1586

A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remot...

Vulnerability Description

A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition. This vulnerability exists because TCP traffic sent to a specific port on an affected device is not properly sanitized. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port that is listening on a public-facing IP address for the Multi-Pod or Multi-Site configuration. A successful exploit could allow the attacker to cause the device to restart unexpectedly, resulting in a DoS condition.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
CiscoNx-Os15.0\(2e\)
CiscoNexus 9000V-
CiscoNexus 92160Yc-X-
CiscoNexus 92300Yc-
CiscoNexus 92304Qc-
CiscoNexus 92348Gc-X-
CiscoNexus 9236C-
CiscoNexus 9272Q-
CiscoNexus 93108Tc-Ex-
CiscoNexus 93108Tc-Ex-24-
CiscoNexus 93108Tc-Fx-
CiscoNexus 93108Tc-Fx-24-
CiscoNexus 93108Tc-Fx3P-
CiscoNexus 93120Tx-
CiscoNexus 93128Tx-
CiscoNexus 9316D-Gx-
CiscoNexus 93180Lc-Ex-
CiscoNexus 93180Yc-Ex-
CiscoNexus 93180Yc-Ex-24-
CiscoNexus 93180Yc-Fx-

Related Weaknesses (CWE)

CWE-345

References

FAQ

What is CVE-2021-1586?

CVE-2021-1586 is a vulnerability with a CVSS score of 8.6 (HIGH). A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remot...

How severe is CVE-2021-1586?

CVE-2021-1586 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-1586?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 9000V, Cisco Nexus 92160Yc-X, Cisco Nexus 92300Yc, Cisco Nexus 92304Qc.