ID

VAR-202108-0312


CVE

CVE-2021-1578


TITLE

Cisco Application Policy Infrastructure Controller  and  Cisco Cloud Application Policy Infrastructure Controller  Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2021-011086

DESCRIPTION

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device. This vulnerability is due to an improper policy default setting. An attacker could exploit this vulnerability by using a non-privileged credential for Cisco ACI Multi-Site Orchestrator (MSO) to send a specific API request to a managed Cisco APIC or Cloud APIC device. A successful exploit could allow the attacker to obtain Administrator credentials on the affected device. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2021-1578 // JVNDB: JVNDB-2021-011086 // VULHUB: VHN-374632 // VULMON: CVE-2021-1578

AFFECTED PRODUCTS

vendor:ciscomodel:application policy infrastructure controllerscope:gteversion:5.0

Trust: 1.0

vendor:ciscomodel:cloud application policy infrastructure controllerscope:lteversion:5.1\(3e\)

Trust: 1.0

vendor:ciscomodel:cloud application policy infrastructure controllerscope:gteversion:5.0

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:lteversion:5.1\(3e\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:5.0\(2h\)

Trust: 1.0

vendor:ciscomodel:cloud application policy infrastructure controllerscope:eqversion:5.0\(2h\)

Trust: 1.0

vendor:シスコシステムズmodel:cisco cloud application policy infrastructure controllerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco application policy infrastructure controllerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-011086 // NVD: CVE-2021-1578

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1578
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1578
value: HIGH

Trust: 1.0

NVD: CVE-2021-1578
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202108-2355
value: HIGH

Trust: 0.6

VULHUB: VHN-374632
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1578
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1578
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374632
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1578
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-1578
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374632 // VULMON: CVE-2021-1578 // JVNDB: JVNDB-2021-011086 // CNNVD: CNNVD-202108-2355 // NVD: CVE-2021-1578 // NVD: CVE-2021-1578

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.1

problemtype:CWE-636

Trust: 1.0

problemtype:Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-374632 // JVNDB: JVNDB-2021-011086 // NVD: CVE-2021-1578

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-2355

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202108-2355

PATCH

title:cisco-sa-capic-pesc-pkmGK4Jurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-pesc-pkmGK4J

Trust: 0.8

title:Cisco Application Policy Infrastructure Controller Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161281

Trust: 0.6

title:Cisco: Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-capic-pesc-pkmGK4J

Trust: 0.1

sources: VULMON: CVE-2021-1578 // JVNDB: JVNDB-2021-011086 // CNNVD: CNNVD-202108-2355

EXTERNAL IDS

db:NVDid:CVE-2021-1578

Trust: 3.4

db:JVNDBid:JVNDB-2021-011086

Trust: 0.8

db:CNNVDid:CNNVD-202108-2355

Trust: 0.7

db:AUSCERTid:ESB-2021.2871

Trust: 0.6

db:VULHUBid:VHN-374632

Trust: 0.1

db:VULMONid:CVE-2021-1578

Trust: 0.1

sources: VULHUB: VHN-374632 // VULMON: CVE-2021-1578 // JVNDB: JVNDB-2021-011086 // CNNVD: CNNVD-202108-2355 // NVD: CVE-2021-1578

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-capic-pesc-pkmgk4j

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1578

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.2871

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/755.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374632 // VULMON: CVE-2021-1578 // JVNDB: JVNDB-2021-011086 // CNNVD: CNNVD-202108-2355 // NVD: CVE-2021-1578

SOURCES

db:VULHUBid:VHN-374632
db:VULMONid:CVE-2021-1578
db:JVNDBid:JVNDB-2021-011086
db:CNNVDid:CNNVD-202108-2355
db:NVDid:CVE-2021-1578

LAST UPDATE DATE

2024-08-14T12:49:43.782000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374632date:2021-09-01T00:00:00
db:VULMONid:CVE-2021-1578date:2021-09-01T00:00:00
db:JVNDBid:JVNDB-2021-011086date:2022-07-19T02:18:00
db:CNNVDid:CNNVD-202108-2355date:2021-09-02T00:00:00
db:NVDid:CVE-2021-1578date:2023-11-07T03:28:40.820

SOURCES RELEASE DATE

db:VULHUBid:VHN-374632date:2021-08-25T00:00:00
db:VULMONid:CVE-2021-1578date:2021-08-25T00:00:00
db:JVNDBid:JVNDB-2021-011086date:2022-07-19T00:00:00
db:CNNVDid:CNNVD-202108-2355date:2021-08-25T00:00:00
db:NVDid:CVE-2021-1578date:2021-08-25T20:15:10.080