ID

VAR-202108-0317


CVE

CVE-2021-1583


TITLE

Incorrect authorization vulnerability in Cisco Nexus 9000 Series Fabric Switches

Trust: 0.8

sources: JVNDB: JVNDB-2021-009989

DESCRIPTION

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker with Administrator privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to read arbitrary files on the file system of the affected device. Cisco Nexus 9000 Series Fabric Switches contain an incorrect authorization vulnerability. Information may be obtained.

Trust: 2.25

sources: NVD: CVE-2021-1583 // JVNDB: JVNDB-2021-009989 // CNVD: CNVD-2021-68729 // VULMON: CVE-2021-1583

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-68729

AFFECTED PRODUCTS

vendor: cisco, model: nx-os, scope: eq, version: 14.2(7f)

Trust: 1.0

vendor: Cisco Systems, model: cisco nx-os, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco nx-os, scope: eq, version: -

Trust: 0.8

vendor: cisco, model: nexus series fabric switches, scope: eq, version: 9000

Trust: 0.6

sources: CNVD: CNVD-2021-68729 // JVNDB: JVNDB-2021-009989 // NVD: CVE-2021-1583

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1583
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1583
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1583
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-68729
value: LOW

Trust: 0.6

CNNVD: CNNVD-202108-2305
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-1583
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1583
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-68729
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-1583
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-1583
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-68729 // VULMON: CVE-2021-1583 // JVNDB: JVNDB-2021-009989 // CNNVD: CNNVD-202108-2305 // NVD: CVE-2021-1583 // NVD: CVE-2021-1583

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:Incorrect authorization (CWE-863) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-009989 // NVD: CVE-2021-1583

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2305

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-2305

PATCH

title: cisco-sa-naci-afr-UtjfO2D7
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-afr-UtjfO2D7

Trust: 0.8

title: Patch for Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Reading Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/289441

Trust: 0.6

title: Cisco Nexus 9000 Series Fabric Switches Fixes for access control error vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=161414

Trust: 0.6

title: Cisco: Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-naci-afr-UtjfO2D7

Trust: 0.1

title: Threatpost
url: https://threatpost.com/cisco-issues-critical-fixes-for-high-end-nexus-gear/168939/

Trust: 0.1

sources: CNVD: CNVD-2021-68729 // VULMON: CVE-2021-1583 // JVNDB: JVNDB-2021-009989 // CNNVD: CNNVD-202108-2305

EXTERNAL IDS

db: NVD, id: CVE-2021-1583

Trust: 3.9

db: JVNDB, id: JVNDB-2021-009989

Trust: 0.8

db: CNVD, id: CNVD-2021-68729

Trust: 0.6

db: AUSCERT, id: ESB-2021.2873

Trust: 0.6

db: CNNVD, id: CNNVD-202108-2305

Trust: 0.6

db: VULMON, id: CVE-2021-1583

Trust: 0.1

sources: CNVD: CNVD-2021-68729 // VULMON: CVE-2021-1583 // JVNDB: JVNDB-2021-009989 // CNNVD: CNNVD-202108-2305 // NVD: CVE-2021-1583

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-naci-afr-utjfo2d7

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1583

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-nexus-9000-aci-mode-file-reading-36235

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2873

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/cisco-issues-critical-fixes-for-high-end-nexus-gear/168939/

Trust: 0.1

sources: CNVD: CNVD-2021-68729 // VULMON: CVE-2021-1583 // JVNDB: JVNDB-2021-009989 // CNNVD: CNNVD-202108-2305 // NVD: CVE-2021-1583

SOURCES

db: CNVD, id: CNVD-2021-68729
db: VULMON, id: CVE-2021-1583
db: JVNDB, id: JVNDB-2021-009989
db: CNNVD, id: CNNVD-202108-2305
db: NVD, id: CVE-2021-1583

LAST UPDATE DATE

2024-08-14T15:06:46.263000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-68729, date: 2021-09-07T00:00:00
db: VULMON, id: CVE-2021-1583, date: 2021-09-02T00:00:00
db: JVNDB, id: JVNDB-2021-009989, date: 2022-06-09T08:54:00
db: CNNVD, id: CNNVD-202108-2305, date: 2022-10-24T00:00:00
db: NVD, id: CVE-2021-1583, date: 2023-11-07T03:28:42.050

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-68729, date: 2021-09-07T00:00:00
db: VULMON, id: CVE-2021-1583, date: 2021-08-25T00:00:00
db: JVNDB, id: JVNDB-2021-009989, date: 2022-06-09T00:00:00
db: CNNVD, id: CNNVD-202108-2305, date: 2021-08-25T00:00:00
db: NVD, id: CVE-2021-1583, date: 2021-08-25T20:15:10.997