CVE-2021-1584

Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation Vulnerability

Severity Score

6.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root.

Una vulnerabilidad en Cisco Nexus 9000 Series Fabric Switches en el modo Application Centric Infrastructure (ACI) podría permitir a un atacante local autenticado elevar los privilegios en un dispositivo afectado. Esta vulnerabilidad es debido a las restricciones insuficientes durante la ejecución de un comando CLI específico. Un atacante con privilegios administrativos podría explotar esta vulnerabilidad al llevar a cabo un ataque de inyección de comandos en el comando vulnerable. Una explotación con éxito podría permitir al atacante acceder al sistema operativo subyacente como root.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2020-11-13 CVE Reserved
2021-08-25 CVE Published
2023-03-08 EPSS Updated
2024-11-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-mdvul-vrKVgNU	2023-11-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9000 Search vendor "Cisco" for product "Nexus 9000"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9000v Search vendor "Cisco" for product "Nexus 9000v"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 92160yc-x Search vendor "Cisco" for product "Nexus 92160yc-x"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 92300yc Search vendor "Cisco" for product "Nexus 92300yc"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 92304qc Search vendor "Cisco" for product "Nexus 92304qc"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 92348gc-x Search vendor "Cisco" for product "Nexus 92348gc-x"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9236c Search vendor "Cisco" for product "Nexus 9236c"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9272q Search vendor "Cisco" for product "Nexus 9272q"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93108tc-ex Search vendor "Cisco" for product "Nexus 93108tc-ex"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93108tc-ex-24 Search vendor "Cisco" for product "Nexus 93108tc-ex-24"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93108tc-fx Search vendor "Cisco" for product "Nexus 93108tc-fx"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93108tc-fx-24 Search vendor "Cisco" for product "Nexus 93108tc-fx-24"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93108tc-fx3p Search vendor "Cisco" for product "Nexus 93108tc-fx3p"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93120tx Search vendor "Cisco" for product "Nexus 93120tx"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93128tx Search vendor "Cisco" for product "Nexus 93128tx"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9316d-gx Search vendor "Cisco" for product "Nexus 9316d-gx"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93180lc-ex Search vendor "Cisco" for product "Nexus 93180lc-ex"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93180yc-ex Search vendor "Cisco" for product "Nexus 93180yc-ex"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93180yc-ex-24 Search vendor "Cisco" for product "Nexus 93180yc-ex-24"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93180yc-fx Search vendor "Cisco" for product "Nexus 93180yc-fx"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93180yc-fx-24 Search vendor "Cisco" for product "Nexus 93180yc-fx-24"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93180yc-fx3 Search vendor "Cisco" for product "Nexus 93180yc-fx3"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93180yc-fx3s Search vendor "Cisco" for product "Nexus 93180yc-fx3s"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93216tc-fx2 Search vendor "Cisco" for product "Nexus 93216tc-fx2"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93240yc-fx2 Search vendor "Cisco" for product "Nexus 93240yc-fx2"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9332c Search vendor "Cisco" for product "Nexus 9332c"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9332pq Search vendor "Cisco" for product "Nexus 9332pq"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93360yc-fx2 Search vendor "Cisco" for product "Nexus 93360yc-fx2"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9336c-fx2 Search vendor "Cisco" for product "Nexus 9336c-fx2"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9336c-fx2-e Search vendor "Cisco" for product "Nexus 9336c-fx2-e"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9348gc-fxp Search vendor "Cisco" for product "Nexus 9348gc-fxp"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93600cd-gx Search vendor "Cisco" for product "Nexus 93600cd-gx"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9364c Search vendor "Cisco" for product "Nexus 9364c"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9364c-gx Search vendor "Cisco" for product "Nexus 9364c-gx"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9372px Search vendor "Cisco" for product "Nexus 9372px"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9372px-e Search vendor "Cisco" for product "Nexus 9372px-e"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9372tx Search vendor "Cisco" for product "Nexus 9372tx"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9372tx-e Search vendor "Cisco" for product "Nexus 9372tx-e"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9396px Search vendor "Cisco" for product "Nexus 9396px"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9396tx Search vendor "Cisco" for product "Nexus 9396tx"	-	-	Safe
Cisco Search vendor "Cisco"	Nx-os Search vendor "Cisco" for product "Nx-os"	14.2\(7f\) Search vendor "Cisco" for product "Nx-os" and version "14.2\(7f\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9508 Search vendor "Cisco" for product "Nexus 9508"	-	-	Safe