CVE-2021-1584 MEDIUM

CVE-2021-1584: Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation Vulnerability

Vendor Cisco

Product Cisco NX-OS System Software in ACI Mode

Weakness CWE-78

Published August 25, 2021

Last update November 7, 2024

View on NVD All CVEs

CVSS base score

6.0/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root.

Key dates

02Disclosure timeline

August 25, 2021 CVE published

November 7, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-1584 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2021-1584

CWE CWE-78

CVSS 6.0 / MEDIUM

Affected versions