← Back

CVE-2021-1580

nvd nist
Published: Aug 25, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

Affected (6)

Cisco
2 products
Application Policy Infrastructure Controller
Cloud Application Policy Infrastructure Controller
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Application Policy Infrastructure Controller
Before 3.2\(10e\)
Application Policy Infrastructure Controller
From 4.0 to 4.2\(6h\)
Application Policy Infrastructure Controller
From 5.0 to 5.1\(3e\)
Cisco
Cloud Application Policy Infrastructure Controller
Before 3.2\(10e\)
Cloud Application Policy Infrastructure Controller
From 4.0 to 4.2\(6h\)
Cloud Application Policy Infrastructure Controller
From 5.0 to 5.1\(3e\)

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

Source: psirt@cisco.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.