Details of VAR-202108-0318

ID

VAR-202108-0318

CVE

CVE-2021-1584

TITLE

Cisco Nexus 9000 Series Fabric Switches In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-009271

DESCRIPTION

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root. Cisco Nexus 9000 Series Fabric Switchess Has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco Nexus 9000 series switches are modular and fixed-port network switches designed specifically for data centers

Trust: 2.25

sources: NVD: CVE-2021-1584 // JVNDB: JVNDB-2021-009271 // CNVD: CNVD-2021-68728 // VULMON: CVE-2021-1584

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-68728

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	14.2\(7f\)	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco nx-os	scope:	eq	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus series fabric switches	scope:	eq	version:	9000	Trust: 0.6

sources: CNVD: CNVD-2021-68728 // JVNDB: JVNDB-2021-009271 // NVD: CVE-2021-1584

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1584
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1584
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1584
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-68728
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202108-2313
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-1584
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1584
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-68728
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULMON:	CVE-2021-1584
severity:	LOW
baseScore:	3.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1584
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1584
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1584
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-68728 // VULMON: CVE-2021-1584 // JVNDB: JVNDB-2021-009271 // CNNVD: CNNVD-202108-2313 // NVD: CVE-2021-1584 // NVD: CVE-2021-1584

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-009271 // NVD: CVE-2021-1584

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2313

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202108-2313

PATCH

title:	cisco-sa-naci-mdvul-vrKVgNU	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-mdvul-vrKVgNU	Trust: 0.8
title:	Patch for Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/289436	Trust: 0.6
title:	Cisco Nexus 9000 Series Fabric Switches Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161415	Trust: 0.6
title:	Cisco: Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-naci-mdvul-vrKVgNU	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-issues-critical-fixes-for-high-end-nexus-gear/168939/	Trust: 0.1

sources: CNVD: CNVD-2021-68728 // VULMON: CVE-2021-1584 // JVNDB: JVNDB-2021-009271 // CNNVD: CNNVD-202108-2313

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1584	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-009271	Trust: 0.8
db:	CNVD	id:	CNVD-2021-68728	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2873	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-2313	Trust: 0.6
db:	VULMON	id:	CVE-2021-1584	Trust: 0.1

sources: CNVD: CNVD-2021-68728 // VULMON: CVE-2021-1584 // JVNDB: JVNDB-2021-009271 // CNNVD: CNNVD-202108-2313 // NVD: CVE-2021-1584

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-naci-mdvul-vrkvgnu	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1584	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.2873	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-nexus-9000-aci-mode-privilege-escalation-via-cli-command-36236	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/cisco-issues-critical-fixes-for-high-end-nexus-gear/168939/	Trust: 0.1

sources: CNVD: CNVD-2021-68728 // VULMON: CVE-2021-1584 // JVNDB: JVNDB-2021-009271 // CNNVD: CNNVD-202108-2313 // NVD: CVE-2021-1584

SOURCES

db:	CNVD	id:	CNVD-2021-68728
db:	VULMON	id:	CVE-2021-1584
db:	JVNDB	id:	JVNDB-2021-009271
db:	CNNVD	id:	CNNVD-202108-2313
db:	NVD	id:	CVE-2021-1584

LAST UPDATE DATE

2024-08-14T15:06:46.213000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-68728	date:	2021-09-07T00:00:00
db:	VULMON	id:	CVE-2021-1584	date:	2021-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-009271	date:	2022-04-19T08:41:00
db:	CNNVD	id:	CNNVD-202108-2313	date:	2021-09-03T00:00:00
db:	NVD	id:	CVE-2021-1584	date:	2023-11-07T03:28:42.223

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-68728	date:	2021-09-07T00:00:00
db:	VULMON	id:	CVE-2021-1584	date:	2021-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-009271	date:	2022-04-19T00:00:00
db:	CNNVD	id:	CNNVD-202108-2313	date:	2021-08-25T00:00:00
db:	NVD	id:	CVE-2021-1584	date:	2021-08-25T20:15:11.177