CVE-2021-1579

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device.

CVSS v3 8.8 HIGH
CVSS v2.0 9.0 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:application_policy_infrastructure_controller::::::::
	cpe:2.3:a:cisco:application_policy_infrastructure_controller::::::::
	cpe:2.3:a:cisco:application_policy_infrastructure_controller::::::::
	cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller::::::::
	cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller::::::::
	cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller::::::::

History

No history.

Information

Published : 2021-08-25 20:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-1579

Mitre link : CVE-2021-1579

CVE.ORG link : CVE-2021-1579

JSON object : View

Products Affected

cisco

application_policy_infrastructure_controller
cloud_application_policy_infrastructure_controller

CWE

CWE-269

Improper Privilege Management

CWE-250

Execution with Unnecessary Privileges

{"id": "CVE-2021-1579", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2021-08-25T20:15:10.303", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en un endpoint de la API de Cisco Application Policy Infrastructure Controller (APIC) y Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) podr\u00eda permitir a un atacante remoto autenticado con credenciales de s\u00f3lo lectura de Administrador elevar los privilegios en un sistema afectado. Esta vulnerabilidad es debido a un control de acceso insuficiente basado en roles (RBAC). Un atacante con credenciales de Administrador de s\u00f3lo lectura podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n de API espec\u00edfica usando una aplicaci\u00f3n con credenciales de escritura de administrador. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante elevar los privilegios a Administrador con privilegios de escritura en el dispositivo afectado."}], "lastModified": "2023-11-07T03:28:41.010", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E54A7EC-C94D-450D-913C-DECBCBE3E840", "versionEndExcluding": "3.2\\(10f\\)"}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C1907FF-8F31-42A7-A1F3-6DADA57301AE", "versionEndExcluding": "4.2\\(7l\\)", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC568558-0F41-4B14-81D5-AB7CD330E57C", "versionEndExcluding": "5.2\\(2f\\)", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FD196DC-2522-46EA-BD15-5B6F7528B073", "versionEndExcluding": "3.2\\(10f\\)"}, {"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1334B099-27F9-4597-8C6E-0FF88F654A03", "versionEndExcluding": "4.2\\(7l\\)", "versionStartIncluding": "4.0"}, {"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC2B3DBF-1A05-4D11-AC0C-F709A6BA6620", "versionEndExcluding": "5.2\\(2f\\)", "versionStartIncluding": "5.0"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}