CVE-2021-1583 — Vulnetix

CVE-2021-1583 PUBLISHED CVSS 4.400000095367432 MEDIUM

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker with Administrator privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to read arbitrary files on the file system of the affected device.

EPSS 0.16% · 36.3th percentile

Risk Scores

CVSS 3.1

4.400000095367432

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.16%

36.3th percentile

Affected Products

Vendor	Product	Versions
cisco	nx-os	14.2\(7f\)
Cisco	Cisco NX-OS System Software in ACI Mode	n/a

Exploit Intelligence

20210825 Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read Vulnerability (circl)

Timeline

Aug 25, 2021 CVE Published
Aug 26, 2021 EPSS Score
Oct 23, 2021 EPSS Score
Dec 20, 2021 EPSS Score
Feb 17, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 16, 2022 EPSS Score
Jun 13, 2022 EPSS Score
Aug 11, 2022 EPSS Score
Oct 8, 2022 EPSS Score
Dec 30, 2022 EPSS Score
Feb 2, 2023 EPSS Score

References

20210825 Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-1583 advisory

Open in Interactive Console →