CVE-2021-1227
Vulnerability from cvelistv5
Published
2021-02-24 19:30
Modified
2024-11-08 23:40
Summary
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default.
Impacted products
Vendor Product Version
Cisco Cisco NX-OS Software Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:02:56.336Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210224 Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1227",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:20:57.173951Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T23:40:13.499Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco NX-OS Software",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-02-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 8.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-352",
                     description: "CWE-352",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-02-24T19:30:15",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210224 Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z",
            },
         ],
         source: {
            advisory: "cisco-sa-nxos-nxapi-csrf-wRMzWL9z",
            defect: [
               [
                  "CSCvr82908",
                  "CSCvu67365",
                  "CSCvv92342",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-02-24T16:00:00",
               ID: "CVE-2021-1227",
               STATE: "PUBLIC",
               TITLE: "Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco NX-OS Software",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "8.1",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-352",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210224 Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-nxos-nxapi-csrf-wRMzWL9z",
               defect: [
                  [
                     "CSCvr82908",
                     "CSCvu67365",
                     "CSCvv92342",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1227",
      datePublished: "2021-02-24T19:30:15.985802Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-08T23:40:13.499Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:8.4\\\\(2a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9E85905-A3F0-43C0-A578-6E9C14033D3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:8.4\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D725607-74D5-4700-B4B7-0C35D119F9BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:8.4\\\\(3\\\\)s19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B15BFF7-F074-4FE9-ACB6-CC82D9D226C4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:mds_9148s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D25FA4A8-408B-4E94-B7D9-7DC54B61322F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:mds_9250i:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67CD5738-029B-43AA-9342-63719DC16138\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:mds_9706:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5182CB50-4D32-4835-B1A8-817D989F919F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:mds_9710:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36B3B617-7554-4C36-9B41-19AA3BD2F6E9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:9.3\\\\(3\\\\)idi9\\\\(0.569\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90F7158A-AFAC-4E2A-84FD-426FC44AC452\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC2A6C31-438A-4CF5-A3F3-364B1672EB7D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29B34855-D8D2-4114-80D2-A4D159C62458\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BF4B8FE-E134-4491-B5C2-C1CFEB64731B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4226DA0-9371-401C-8247-E6E636A116C3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7664666F-BCE4-4799-AEEA-3A73E6AD33F4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3293438-3D18-45A2-B093-2C3F65783336\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C97C29EE-9426-4BBE-8D84-AB5FF748703D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F43B770-D96C-44EA-BC12-9F39FC4317B9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CED628B5-97A8-4B26-AA40-BEC854982157\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BB9DD73-E31D-4921-A6D6-E14E04703588\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"652A2849-668D-4156-88FB-C19844A59F33\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24FBE87B-8A4F-43A8-98A3-4A7D9C630937\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6ACD09AC-8B28-4ACB-967B-AB3D450BC137\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D397349-CCC6-479B-9273-FB1FFF4F34F2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC7286A7-780F-4A45-940A-4AD5C9D0F201\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F7AF8D7-431B-43CE-840F-CC0817D159C0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAC204C8-1A5A-4E85-824E-DC9B8F6A802D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10F80A72-AD54-4699-B8AE-82715F0B58E2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9354B6A2-D7D6-442E-BF4C-FE8A336D9E94\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74CB4002-7636-4382-B33E-FBA060A13C34\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10CEBF73-3EE0-459A-86C5-F8F6243FE27C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95D2C4C3-65CE-4612-A027-AF70CEFC3233\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57572E4A-78D5-4D1A-938B-F05F01759612\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"532CE4B0-A3C9-4613-AAAF-727817D06FB4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63BE0266-1C00-4D6A-AD96-7F82532ABAA7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:nx-os:7.3\\\\(8\\\\)n1\\\\(0.809\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DE5E39F-ECE1-44E6-9CFE-FEF903317E46\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5519EA9-1236-4F51-9974-E3FC1B26B5D2\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1766443C-1C5A-486E-A36F-D3045F364D78\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABB6E612-4246-4408-B3F6-B31E771F5ACB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91B129B2-2B31-4DE0-9F83-CC6E0C8729A0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CBD3CD0-B542-4B23-9C9D-061643BE44E8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A22A2647-A4C0-4681-BBC5-D95ADBAA0457\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5672up-16g:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"367C2A49-4C4D-471B-9B34-AFAFA5AE9503\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2BB1A3A-668C-4B0D-8AC2-6B4758B3420B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_6001:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9662D6B-AF0F-45C8-B7CD-AE7C76593FDB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_6004:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F557E38-09F6-42C6-BABA-3C3168B38BBA\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la funcionalidad NX-API del software Cisco NX-OS podr\\u00eda permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site request forgery (CSRF) en un sistema afectado. Esta vulnerabilidad es debido a las protecciones CSRF insuficientes para la NX-API en un dispositivo afectado. Un atacante podr\\u00eda explotar esta vulnerabilidad al persuadir a un usuario de la NX-API para que siga un enlace malicioso. Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir al atacante llevar a cabo acciones arbitrarias con el nivel de privilegio del usuario afectado. El atacante podr\\u00eda visualizar  y modificar la configuraci\\u00f3n del dispositivo. Nota: La funcionalidad NX-API est\\u00e1 desactivada por defecto\"}]",
         id: "CVE-2021-1227",
         lastModified: "2024-11-21T05:43:52.533",
         metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}], \"cvssMetricV30\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
         published: "2021-02-24T20:15:12.410",
         references: "[{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
         sourceIdentifier: "ykramarz@cisco.com",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2021-1227\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2021-02-24T20:15:12.410\",\"lastModified\":\"2024-11-21T05:43:52.533\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la funcionalidad NX-API del software Cisco NX-OS podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site request forgery (CSRF) en un sistema afectado. Esta vulnerabilidad es debido a las protecciones CSRF insuficientes para la NX-API en un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario de la NX-API para que siga un enlace malicioso. Una explotación con éxito podría permitir al atacante llevar a cabo acciones arbitrarias con el nivel de privilegio del usuario afectado. El atacante podría visualizar  y modificar la configuración del dispositivo. Nota: La funcionalidad NX-API está desactivada por defecto\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV30\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:8.4\\\\(2a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9E85905-A3F0-43C0-A578-6E9C14033D3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:8.4\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D725607-74D5-4700-B4B7-0C35D119F9BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:8.4\\\\(3\\\\)s19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B15BFF7-F074-4FE9-ACB6-CC82D9D226C4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:mds_9148s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D25FA4A8-408B-4E94-B7D9-7DC54B61322F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:mds_9250i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67CD5738-029B-43AA-9342-63719DC16138\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:mds_9706:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5182CB50-4D32-4835-B1A8-817D989F919F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:mds_9710:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36B3B617-7554-4C36-9B41-19AA3BD2F6E9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:9.3\\\\(3\\\\)idi9\\\\(0.569\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90F7158A-AFAC-4E2A-84FD-426FC44AC452\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC2A6C31-438A-4CF5-A3F3-364B1672EB7D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29B34855-D8D2-4114-80D2-A4D159C62458\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF4B8FE-E134-4491-B5C2-C1CFEB64731B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4226DA0-9371-401C-8247-E6E636A116C3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7664666F-BCE4-4799-AEEA-3A73E6AD33F4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3293438-3D18-45A2-B093-2C3F65783336\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C97C29EE-9426-4BBE-8D84-AB5FF748703D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F43B770-D96C-44EA-BC12-9F39FC4317B9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CED628B5-97A8-4B26-AA40-BEC854982157\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BB9DD73-E31D-4921-A6D6-E14E04703588\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"652A2849-668D-4156-88FB-C19844A59F33\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24FBE87B-8A4F-43A8-98A3-4A7D9C630937\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ACD09AC-8B28-4ACB-967B-AB3D450BC137\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D397349-CCC6-479B-9273-FB1FFF4F34F2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC7286A7-780F-4A45-940A-4AD5C9D0F201\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F7AF8D7-431B-43CE-840F-CC0817D159C0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAC204C8-1A5A-4E85-824E-DC9B8F6A802D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F80A72-AD54-4699-B8AE-82715F0B58E2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9354B6A2-D7D6-442E-BF4C-FE8A336D9E94\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74CB4002-7636-4382-B33E-FBA060A13C34\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10CEBF73-3EE0-459A-86C5-F8F6243FE27C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95D2C4C3-65CE-4612-A027-AF70CEFC3233\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57572E4A-78D5-4D1A-938B-F05F01759612\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"532CE4B0-A3C9-4613-AAAF-727817D06FB4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63BE0266-1C00-4D6A-AD96-7F82532ABAA7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:nx-os:7.3\\\\(8\\\\)n1\\\\(0.809\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DE5E39F-ECE1-44E6-9CFE-FEF903317E46\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5519EA9-1236-4F51-9974-E3FC1B26B5D2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1766443C-1C5A-486E-A36F-D3045F364D78\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABB6E612-4246-4408-B3F6-B31E771F5ACB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91B129B2-2B31-4DE0-9F83-CC6E0C8729A0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CBD3CD0-B542-4B23-9C9D-061643BE44E8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A22A2647-A4C0-4681-BBC5-D95ADBAA0457\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5672up-16g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"367C2A49-4C4D-471B-9B34-AFAFA5AE9503\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2BB1A3A-668C-4B0D-8AC2-6B4758B3420B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_6001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9662D6B-AF0F-45C8-B7CD-AE7C76593FDB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_6004:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F557E38-09F6-42C6-BABA-3C3168B38BBA\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z\", \"name\": \"20210224 Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T16:02:56.336Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-1227\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-08T20:20:57.173951Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-08T20:40:42.673Z\"}}], \"cna\": {\"title\": \"Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability\", \"source\": {\"defect\": [[\"CSCvr82908\", \"CSCvu67365\", \"CSCvv92342\"]], \"advisory\": \"cisco-sa-nxos-nxapi-csrf-wRMzWL9z\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco NX-OS Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2021-02-24T00:00:00\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z\", \"name\": \"20210224 Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2021-02-24T19:30:15\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"8.1\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\"}}, \"source\": {\"defect\": [[\"CSCvr82908\", \"CSCvu67365\", \"CSCvv92342\"]], \"advisory\": \"cisco-sa-nxos-nxapi-csrf-wRMzWL9z\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco NX-OS Software\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-csrf-wRMzWL9z\", \"name\": \"20210224 Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-352\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-1227\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2021-02-24T16:00:00\"}}}}",
         cveMetadata: "{\"cveId\": \"CVE-2021-1227\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-08T23:40:13.499Z\", \"dateReserved\": \"2020-11-13T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2021-02-24T19:30:15.985802Z\", \"assignerShortName\": \"cisco\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.