CVE-2021-1361

CWE-552Files Accessible to External Parties6 documents5 sources
Severity
9.1CRITICAL
EPSS
0.6%
top 30.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Nx-os SoftwareCisco Nx-os
Timeline
PublishedFeb 24
Latest updateMay 24

Description

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDcisco/nx-os9.3\(5\), 9.3\(6\)+1

🔴Vulnerability Details

2
GHSA
GHSA-9cw6-xmv9-q69p: A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches2022-05-24
CVEList
Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability2021-02-24

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability2021-02-24

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Information disclosure vulnerability in D-LINK DIR-3040 mesh router2021-09-23
Talos
Vulnerability Spotlight: Information disclosure vulnerability in D-LINK DIR-3040 mesh router2021-09-23
CVE-2021-1361 (CRITICAL CVSS 9.1) | A vulnerability in the implementati | cvebase.io