CVE-2021-1583

CVE Database · CVE-2021-1583

CVE-2021-1583

· MEDIUMModified

CVSS v3.1

4.4

EPSS

0.22%

Published

Aug 25, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker with Administrator privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to read arbitrary files on the file system of the affected device.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-284

Affected Products (42)

cisco · nx-osvulnerable

cisco · nexus_9000

cisco · nexus_9000v

cisco · nexus_92160yc-x

cisco · nexus_92300yc

cisco · nexus_92304qc

cisco · nexus_92348gc-x

cisco · nexus_9236c

cisco · nexus_9272q

cisco · nexus_93108tc-ex

cisco · nexus_93108tc-ex-24

cisco · nexus_93108tc-fx

cisco · nexus_93108tc-fx-24

· nexus_93108tc-fx3p

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-afr-UtjfO2D7

PatchVendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-afr-UtjfO2D7

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs