← Back

CVE-2021-1591

nvd nist
Published: Aug 25, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are configured on an affected device. This vulnerability is due to oversubscription of resources that occurs when applying ACLs to port channel interfaces. An attacker could exploit this vulnerability by attempting to access network resources that are protected by the ACL. A successful exploit could allow the attacker to access network resources that would be protected by the ACL that was applied on the port channel interface.

Affected (1)

Products: Cisco: Nx Os
Cisco
1 product
Nx Os
Configuration A
1 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Nx Os
Version 9.3(4)
Running on/withPlatform Versions
Cisco
Nexus 9500 16 Slot
All versions
Cisco
Nexus 9500 4 Slot
All versions
Cisco
Nexus 9500 8 Slot
All versions
Cisco
Nexus 9504
All versions
Cisco
Nexus 9508
All versions
Cisco
Nexus 9516
All versions

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

Source: psirt@cisco.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.