ID

VAR-202108-0318


CVE

CVE-2021-1584


TITLE

Cisco Nexus 9000 Series Fabric Switches  In  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-009271

DESCRIPTION

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root. Cisco Nexus 9000 Series Fabric Switchess Has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco Nexus 9000 series switches are modular and fixed-port network switches designed specifically for data centers

Trust: 2.25

sources: NVD: CVE-2021-1584 // JVNDB: JVNDB-2021-009271 // CNVD: CNVD-2021-68728 // VULMON: CVE-2021-1584

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-68728

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:14.2\(7f\)

Trust: 1.0

vendor:シスコシステムズmodel:cisco nx-osscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco nx-osscope:eqversion: -

Trust: 0.8

vendor:ciscomodel:nexus series fabric switchesscope:eqversion:9000

Trust: 0.6

sources: CNVD: CNVD-2021-68728 // JVNDB: JVNDB-2021-009271 // NVD: CVE-2021-1584

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1584
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1584
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1584
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-68728
value: LOW

Trust: 0.6

CNNVD: CNNVD-202108-2313
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-1584
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1584
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-68728
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULMON: CVE-2021-1584
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1584
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1584
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-1584
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-68728 // VULMON: CVE-2021-1584 // JVNDB: JVNDB-2021-009271 // CNNVD: CNNVD-202108-2313 // NVD: CVE-2021-1584 // NVD: CVE-2021-1584

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-009271 // NVD: CVE-2021-1584

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2313

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202108-2313

PATCH

title:cisco-sa-naci-mdvul-vrKVgNUurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-mdvul-vrKVgNU

Trust: 0.8

title:Patch for Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/289436

Trust: 0.6

title:Cisco Nexus 9000 Series Fabric Switches Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161415

Trust: 0.6

title:Cisco: Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-naci-mdvul-vrKVgNU

Trust: 0.1

title:Threatposturl:https://threatpost.com/cisco-issues-critical-fixes-for-high-end-nexus-gear/168939/

Trust: 0.1

sources: CNVD: CNVD-2021-68728 // VULMON: CVE-2021-1584 // JVNDB: JVNDB-2021-009271 // CNNVD: CNNVD-202108-2313

EXTERNAL IDS

db:NVDid:CVE-2021-1584

Trust: 3.9

db:JVNDBid:JVNDB-2021-009271

Trust: 0.8

db:CNVDid:CNVD-2021-68728

Trust: 0.6

db:AUSCERTid:ESB-2021.2873

Trust: 0.6

db:CNNVDid:CNNVD-202108-2313

Trust: 0.6

db:VULMONid:CVE-2021-1584

Trust: 0.1

sources: CNVD: CNVD-2021-68728 // VULMON: CVE-2021-1584 // JVNDB: JVNDB-2021-009271 // CNNVD: CNNVD-202108-2313 // NVD: CVE-2021-1584

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-naci-mdvul-vrkvgnu

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1584

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.2873

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-nexus-9000-aci-mode-privilege-escalation-via-cli-command-36236

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/cisco-issues-critical-fixes-for-high-end-nexus-gear/168939/

Trust: 0.1

sources: CNVD: CNVD-2021-68728 // VULMON: CVE-2021-1584 // JVNDB: JVNDB-2021-009271 // CNNVD: CNNVD-202108-2313 // NVD: CVE-2021-1584

SOURCES

db:CNVDid:CNVD-2021-68728
db:VULMONid:CVE-2021-1584
db:JVNDBid:JVNDB-2021-009271
db:CNNVDid:CNNVD-202108-2313
db:NVDid:CVE-2021-1584

LAST UPDATE DATE

2024-08-14T15:06:46.213000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-68728date:2021-09-07T00:00:00
db:VULMONid:CVE-2021-1584date:2021-09-02T00:00:00
db:JVNDBid:JVNDB-2021-009271date:2022-04-19T08:41:00
db:CNNVDid:CNNVD-202108-2313date:2021-09-03T00:00:00
db:NVDid:CVE-2021-1584date:2023-11-07T03:28:42.223

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-68728date:2021-09-07T00:00:00
db:VULMONid:CVE-2021-1584date:2021-08-25T00:00:00
db:JVNDBid:JVNDB-2021-009271date:2022-04-19T00:00:00
db:CNNVDid:CNNVD-202108-2313date:2021-08-25T00:00:00
db:NVDid:CVE-2021-1584date:2021-08-25T20:15:11.177