• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

cisco

CVE-2021-1581

February 23, 2023 by

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1582

February 23, 2023 by

A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by sending malicious input to the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information.

CVE-2021-1583

February 23, 2023 by

A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker with Administrator privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to read arbitrary files on the file system of the affected device.

CVE-2021-1584

February 23, 2023 by

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root.

CVE-2021-1586

February 23, 2023 by

A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition. This vulnerability exists because TCP traffic sent to a specific port on an affected device is not properly sanitized. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port that is listening on a public-facing IP address for the Multi-Pod or Multi-Site configuration. A successful exploit could allow the attacker to cause the device to restart unexpectedly, resulting in a DoS condition.

CVE-2021-1587

February 23, 2023 by

A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific packets with a Transparent Interconnection of Lots of Links (TRILL) OAM EtherType. An attacker could exploit this vulnerability by sending crafted packets, including the TRILL OAM EtherType of 0x8902, to a device that is part of a VXLAN Ethernet VPN (EVPN) fabric. A successful exploit could allow the attacker to cause an affected device to experience high CPU usage and consume excessive system resources, which may result in overall control plane instability and cause the affected device to reload. Note: The NGOAM feature is disabled by default.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 86
  • Go to page 87
  • Go to page 88
  • Go to page 89
  • Go to page 90
  • Interim pages omitted …
  • Go to page 120
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE