Details of VAR-202108-0317

ID

VAR-202108-0317

CVE

CVE-2021-1583

TITLE

Cisco Nexus 9000 Series Fabric Switches Fraud related to unauthorized authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2021-009989

DESCRIPTION

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker with Administrator privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to read arbitrary files on the file system of the affected device. Cisco Nexus 9000 Series Fabric Switches Exists in a fraudulent authentication vulnerability.Information may be obtained

Trust: 2.25

sources: NVD: CVE-2021-1583 // JVNDB: JVNDB-2021-009989 // CNVD: CNVD-2021-68729 // VULMON: CVE-2021-1583

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-68729

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	14.2\(7f\)	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco nx-os	scope:	eq	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus series fabric switches	scope:	eq	version:	9000	Trust: 0.6

sources: CNVD: CNVD-2021-68729 // JVNDB: JVNDB-2021-009989 // NVD: CVE-2021-1583

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1583
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1583
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1583
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-68729
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202108-2305
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-1583
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1583
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-68729
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-1583
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1583
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-68729 // VULMON: CVE-2021-1583 // JVNDB: JVNDB-2021-009989 // CNNVD: CNNVD-202108-2305 // NVD: CVE-2021-1583 // NVD: CVE-2021-1583

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	Illegal authentication (CWE-863) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-009989 // NVD: CVE-2021-1583

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2305

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-2305

PATCH

title:	cisco-sa-naci-afr-UtjfO2D7	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-afr-UtjfO2D7	Trust: 0.8
title:	Patch for Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Reading Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/289441	Trust: 0.6
title:	Cisco Nexus 9000 Series Fabric Switches Fixes for access control error vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=161414	Trust: 0.6
title:	Cisco: Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-naci-afr-UtjfO2D7	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-issues-critical-fixes-for-high-end-nexus-gear/168939/	Trust: 0.1

sources: CNVD: CNVD-2021-68729 // VULMON: CVE-2021-1583 // JVNDB: JVNDB-2021-009989 // CNNVD: CNNVD-202108-2305

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1583	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-009989	Trust: 0.8
db:	CNVD	id:	CNVD-2021-68729	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2873	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-2305	Trust: 0.6
db:	VULMON	id:	CVE-2021-1583	Trust: 0.1

sources: CNVD: CNVD-2021-68729 // VULMON: CVE-2021-1583 // JVNDB: JVNDB-2021-009989 // CNNVD: CNNVD-202108-2305 // NVD: CVE-2021-1583

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-naci-afr-utjfo2d7	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1583	Trust: 0.8
url:	https://vigilance.fr/vulnerability/cisco-nexus-9000-aci-mode-file-reading-36235	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2873	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/cisco-issues-critical-fixes-for-high-end-nexus-gear/168939/	Trust: 0.1

sources: CNVD: CNVD-2021-68729 // VULMON: CVE-2021-1583 // JVNDB: JVNDB-2021-009989 // CNNVD: CNNVD-202108-2305 // NVD: CVE-2021-1583

SOURCES

db:	CNVD	id:	CNVD-2021-68729
db:	VULMON	id:	CVE-2021-1583
db:	JVNDB	id:	JVNDB-2021-009989
db:	CNNVD	id:	CNNVD-202108-2305
db:	NVD	id:	CVE-2021-1583

LAST UPDATE DATE

2024-08-14T15:06:46.263000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-68729	date:	2021-09-07T00:00:00
db:	VULMON	id:	CVE-2021-1583	date:	2021-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-009989	date:	2022-06-09T08:54:00
db:	CNNVD	id:	CNNVD-202108-2305	date:	2022-10-24T00:00:00
db:	NVD	id:	CVE-2021-1583	date:	2023-11-07T03:28:42.050

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-68729	date:	2021-09-07T00:00:00
db:	VULMON	id:	CVE-2021-1583	date:	2021-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-009989	date:	2022-06-09T00:00:00
db:	CNNVD	id:	CNNVD-202108-2305	date:	2021-08-25T00:00:00
db:	NVD	id:	CVE-2021-1583	date:	2021-08-25T20:15:10.997