CVE-2021-1581

Published: Aug 25, 2021Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

Affected (6)

Products: Cisco: Application Policy Infrastructure Controller, Cloud Application Policy Infrastructure Controller

Cisco

2 products

Application Policy Infrastructure Controller

Cloud Application Policy Infrastructure Controller

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Cisco Application Policy Infrastructure Controller	Before 3.2\(10f\)
Cisco Application Policy Infrastructure Controller	From 4.0 to 4.2\(7l\)
Cisco Application Policy Infrastructure Controller	From 5.0 to 5.2\(1g\)
Cisco Cloud Application Policy Infrastructure Controller	Before 3.2\(10f\)
Cisco Cloud Application Policy Infrastructure Controller	From 4.0 to 4.2\(7l\)
Cisco Cloud Application Policy Infrastructure Controller	From 5.0 to 5.2\(1g\)

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW

Source: psirt@cisco.com

PatchVendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.