CVE-2021-1228

Published: Feb 24, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. This vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a crafted LLDP packet on the adjacent subnet to an affected device. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.

Affected (162)

Products: Cisco: Nx Os

Cisco

1 product

Nx Os

Configuration A

162 vulnerable · 40 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	Version 11.0(1b)
Cisco Nx Os	Version 11.0(1c)
Cisco Nx Os	Version 11.0(1d)
Cisco Nx Os	Version 11.0(1e)
Cisco Nx Os	Version 11.0(2j)
Cisco Nx Os	Version 11.0(2m)
Cisco Nx Os	Version 11.0(3f)
Cisco Nx Os	Version 11.0(3i)
Cisco Nx Os	Version 11.0(3k)
Cisco Nx Os	Version 11.0(3n)
Cisco Nx Os	Version 11.0(3o)
Cisco Nx Os	Version 11.0(4g)
Cisco Nx Os	Version 11.0(4h)
Cisco Nx Os	Version 11.0(4o)
Cisco Nx Os	Version 11.0(4q)
Cisco Nx Os	Version 11.1(1j)
Cisco Nx Os	Version 11.1(1o)
Cisco Nx Os	Version 11.1(1r)
Cisco Nx Os	Version 11.1(1s)
Cisco Nx Os	Version 11.1(2h)
Cisco Nx Os	Version 11.1(2i)
Cisco Nx Os	Version 11.1(3f)
Cisco Nx Os	Version 11.1(4e)
Cisco Nx Os	Version 11.1(4f)
Cisco Nx Os	Version 11.1(4g)
Cisco Nx Os	Version 11.1(4i)
Cisco Nx Os	Version 11.1(4l)
Cisco Nx Os	Version 11.1(4m)
Cisco Nx Os	Version 11.2(1i)
Cisco Nx Os	Version 11.2(1k)
Cisco Nx Os	Version 11.2(1m)
Cisco Nx Os	Version 11.2(2g)
Cisco Nx Os	Version 11.2(2h)
Cisco Nx Os	Version 11.2(2i)
Cisco Nx Os	Version 11.2(2j)
Cisco Nx Os	Version 11.2(3c)
Cisco Nx Os	Version 11.2(3e)
Cisco Nx Os	Version 11.2(3h)
Cisco Nx Os	Version 11.2(3m)
Cisco Nx Os	Version 11.3(1g)
Cisco Nx Os	Version 11.3(1h)
Cisco Nx Os	Version 11.3(1i)
Cisco Nx Os	Version 11.3(1j)
Cisco Nx Os	Version 11.3(2f)
Cisco Nx Os	Version 11.3(2h)
Cisco Nx Os	Version 11.3(2i)
Cisco Nx Os	Version 11.3(2j)
Cisco Nx Os	Version 11.3(2k)
Cisco Nx Os	Version 12.0(1m)
Cisco Nx Os	Version 12.0(1n)
Cisco Nx Os	Version 12.0(1o)
Cisco Nx Os	Version 12.0(1p)
Cisco Nx Os	Version 12.0(1q)
Cisco Nx Os	Version 12.0(1r)
Cisco Nx Os	Version 12.0(2f)
Cisco Nx Os	Version 12.0(2g)
Cisco Nx Os	Version 12.0(2h)
Cisco Nx Os	Version 12.0(2l)
Cisco Nx Os	Version 12.0(2m)
Cisco Nx Os	Version 12.0(2n)
Cisco Nx Os	Version 12.0(2o)
Cisco Nx Os	Version 12.1(1h)
Cisco Nx Os	Version 12.1(1i)
Cisco Nx Os	Version 12.1(2e)
Cisco Nx Os	Version 12.1(2g)
Cisco Nx Os	Version 12.1(2k)
Cisco Nx Os	Version 12.1(3g)
Cisco Nx Os	Version 12.1(3h)
Cisco Nx Os	Version 12.1(3j)
Cisco Nx Os	Version 12.1(4a)
Cisco Nx Os	Version 12.2(1k)
Cisco Nx Os	Version 12.2(1n)
Cisco Nx Os	Version 12.2(1o)
Cisco Nx Os	Version 12.2(2e)
Cisco Nx Os	Version 12.2(2f)
Cisco Nx Os	Version 12.2(2i)
Cisco Nx Os	Version 12.2(2j)
Cisco Nx Os	Version 12.2(2k)
Cisco Nx Os	Version 12.2(2q)
Cisco Nx Os	Version 12.2(3j)
Cisco Nx Os	Version 12.2(3p)
Cisco Nx Os	Version 12.2(3r)
Cisco Nx Os	Version 12.2(3s)
Cisco Nx Os	Version 12.2(3t)
Cisco Nx Os	Version 12.2(4f)
Cisco Nx Os	Version 12.2(4p)
Cisco Nx Os	Version 12.2(4q)
Cisco Nx Os	Version 12.2(4r)
Cisco Nx Os	Version 12.3(1e)
Cisco Nx Os	Version 12.3(1f)
Cisco Nx Os	Version 12.3(1i)
Cisco Nx Os	Version 12.3(1l)
Cisco Nx Os	Version 12.3(1o)
Cisco Nx Os	Version 12.3(1p)
Cisco Nx Os	Version 13.0(1k)
Cisco Nx Os	Version 13.0(2h)
Cisco Nx Os	Version 13.0(2k)
Cisco Nx Os	Version 13.0(2n)
Cisco Nx Os	Version 13.1(1i)
Cisco Nx Os	Version 13.1(2m)
Cisco Nx Os	Version 13.1(2o)
Cisco Nx Os	Version 13.1(2p)
Cisco Nx Os	Version 13.1(2q)
Cisco Nx Os	Version 13.1(2s)
Cisco Nx Os	Version 13.1(2t)
Cisco Nx Os	Version 13.1(2u)
Cisco Nx Os	Version 13.1(2v)
Cisco Nx Os	Version 13.2(1l)
Cisco Nx Os	Version 13.2(1m)
Cisco Nx Os	Version 13.2(2l)
Cisco Nx Os	Version 13.2(2o)
Cisco Nx Os	Version 13.2(3i)
Cisco Nx Os	Version 13.2(3j)
Cisco Nx Os	Version 13.2(3n)
Cisco Nx Os	Version 13.2(3o)
Cisco Nx Os	Version 13.2(3r)
Cisco Nx Os	Version 13.2(3s)
Cisco Nx Os	Version 13.2(41d)
Cisco Nx Os	Version 13.2(4d)
Cisco Nx Os	Version 13.2(4e)
Cisco Nx Os	Version 13.2(5d)
Cisco Nx Os	Version 13.2(5e)
Cisco Nx Os	Version 13.2(5f)
Cisco Nx Os	Version 13.2(6i)
Cisco Nx Os	Version 13.2(7f)
Cisco Nx Os	Version 13.2(7k)
Cisco Nx Os	Version 13.2(8d)
Cisco Nx Os	Version 13.2(9b)
Cisco Nx Os	Version 13.2(9f)
Cisco Nx Os	Version 13.2(9h)
Cisco Nx Os	Version 14.0(1h)
Cisco Nx Os	Version 14.0(2c)
Cisco Nx Os	Version 14.0(3c)
Cisco Nx Os	Version 14.0(3d)
Cisco Nx Os	Version 14.1(1i)
Cisco Nx Os	Version 14.1(1j)
Cisco Nx Os	Version 14.1(1k)
Cisco Nx Os	Version 14.1(1l)
Cisco Nx Os	Version 14.1(2g)
Cisco Nx Os	Version 14.1(2m)
Cisco Nx Os	Version 14.1(2o)
Cisco Nx Os	Version 14.1(2s)
Cisco Nx Os	Version 14.1(2u)
Cisco Nx Os	Version 14.1(2w)
Cisco Nx Os	Version 14.1(2x)
Cisco Nx Os	Version 14.2(1i)
Cisco Nx Os	Version 14.2(1j)
Cisco Nx Os	Version 14.2(1l)
Cisco Nx Os	Version 14.2(2e)
Cisco Nx Os	Version 14.2(2f)
Cisco Nx Os	Version 14.2(3j)
Cisco Nx Os	Version 14.2(3l)
Cisco Nx Os	Version 14.2(3n)
Cisco Nx Os	Version 14.2(3q)
Cisco Nx Os	Version 14.2(4i)
Cisco Nx Os	Version 14.2(4k)
Cisco Nx Os	Version 14.2(4o)
Cisco Nx Os	Version 14.2(4p)
Cisco Nx Os	Version 14.2(5k)
Cisco Nx Os	Version 15.0(1k)
Cisco Nx Os	Version 15.0(1l)
Cisco Nx Os	Version 15.0(2h)

Running on/with	Platform Versions
Cisco Nexus 9000v	All versions
Cisco Nexus 92160yc X	All versions
Cisco Nexus 92300yc	All versions
Cisco Nexus 92304qc	All versions
Cisco Nexus 92348gc X	All versions
Cisco Nexus 9236c	All versions
Cisco Nexus 9272q	All versions
Cisco Nexus 93108tc Ex	All versions
Cisco Nexus 93108tc Ex 24	All versions
Cisco Nexus 93108tc Fx	All versions
Cisco Nexus 93108tc Fx 24	All versions
Cisco Nexus 93120tx	All versions
Cisco Nexus 93128tx	All versions
Cisco Nexus 9316d Gx	All versions
Cisco Nexus 93180lc Ex	All versions
Cisco Nexus 93180yc Ex	All versions
Cisco Nexus 93180yc Ex 24	All versions
Cisco Nexus 93180yc Fx	All versions
Cisco Nexus 93180yc Fx 24	All versions
Cisco Nexus 93180yc Fx3	All versions
Cisco Nexus 93180yc Fx3s	All versions
Cisco Nexus 93216tc Fx2	All versions
Cisco Nexus 93240yc Fx2	All versions
Cisco Nexus 9332c	All versions
Cisco Nexus 9332pq	All versions
Cisco Nexus 93360yc Fx2	All versions
Cisco Nexus 9336c Fx2	All versions
Cisco Nexus 9336c Fx2 E	All versions
Cisco Nexus 9336pq Aci Spine	All versions
Cisco Nexus 9348gc Fxp	All versions
Cisco Nexus 93600cd Gx	All versions
Cisco Nexus 9364c	All versions
Cisco Nexus 9364c Gx	All versions
Cisco Nexus 9372px	All versions
Cisco Nexus 9372px E	All versions
Cisco Nexus 9372tx	All versions
Cisco Nexus 9372tx E	All versions
Cisco Nexus 9396px	All versions
Cisco Nexus 9396tx	All versions
Cisco Nexus 9508	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-unauth-access-5PWzDx2w

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-unauth-access-5PWzDx2w

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.