Vulnerability CVE-2021-1579

Published: 2021-08-25   Modified: 2021-08-26

Description:
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to insufficient role-based access control (RBAC) enforcement. An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app that has admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device.

Type: CWE-287 (Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score:          9/10
Impact Subscore:          10/10
Exploitability Subscore:  8/10

Exploit range:            Remote
Attack complexity:        Low
Authentication:           Single time

Confidentiality impact:   Complete
Integrity impact:         Complete
Availability impact:      Complete

Affected software:
Cisco -> Application Policy Infrastructure Controller
Cisco -> Cloud Application Policy Infrastructure Controller

References:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8

Copyright 2022, cxsecurity.com