CVE-2021-1579

CWE-250CWE-269Improper Privilege ManagementCWE-287Improper Authentication4 documents4 sources
Severity
8.8HIGH
EPSS
0.9%
top 25.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Application Policy Infrastructure ControllerCisco Cloud Application Policy Infrastructure ControllerCisco Cisco Application Policy Infrastructure Controller (apic)
Timeline
PublishedAug 25
Latest updateMay 24

Description

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-246h-5xw7-rvcg: A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Cont2022-05-24
CVEList
Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability2021-08-25

📋Vendor Advisories

1
Cisco
Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability2021-08-25
CVE-2021-1579 (HIGH CVSS 8.8) | A vulnerability in an API endpoint | cvebase.io