FKIE_CVE-2021-1579

Vulnerability from fkie_nvd - Published: 2021-08-25 20:15 - Updated: 2024-11-21 05:44
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device.
References
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8Patch, Vendor Advisory
Impacted products
Vendor Product Version
cisco application_policy_infrastructure_controller *
cisco application_policy_infrastructure_controller *
cisco application_policy_infrastructure_controller *
cisco cloud_application_policy_infrastructure_controller *
cisco cloud_application_policy_infrastructure_controller *
cisco cloud_application_policy_infrastructure_controller *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E54A7EC-C94D-450D-913C-DECBCBE3E840",
              "versionEndExcluding": "3.2\\(10f\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C1907FF-8F31-42A7-A1F3-6DADA57301AE",
              "versionEndExcluding": "4.2\\(7l\\)",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC568558-0F41-4B14-81D5-AB7CD330E57C",
              "versionEndExcluding": "5.2\\(2f\\)",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD196DC-2522-46EA-BD15-5B6F7528B073",
              "versionEndExcluding": "3.2\\(10f\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1334B099-27F9-4597-8C6E-0FF88F654A03",
              "versionEndExcluding": "4.2\\(7l\\)",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC2B3DBF-1A05-4D11-AC0C-F709A6BA6620",
              "versionEndExcluding": "5.2\\(2f\\)",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en un endpoint de la API de Cisco Application Policy Infrastructure Controller (APIC) y Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) podr\u00eda permitir a un atacante remoto autenticado con credenciales de s\u00f3lo lectura de Administrador elevar los privilegios en un sistema afectado. Esta vulnerabilidad es debido a un control de acceso insuficiente basado en roles (RBAC). Un atacante con credenciales de Administrador de s\u00f3lo lectura podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n de API espec\u00edfica usando una aplicaci\u00f3n con credenciales de escritura de administrador. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante elevar los privilegios a Administrador con privilegios de escritura en el dispositivo afectado."
    }
  ],
  "id": "CVE-2021-1579",
  "lastModified": "2024-11-21T05:44:39.990",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-25T20:15:10.303",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.