CVE-2021-1579 - OpenCVE

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Cloud Application Policy Infrastructure Controller Application Policy Infrastructure Controller

Configuration 1 [-]

OR	cpe:2.3:a:cisco:application_policy_infrastructure_controller::::::::
	cpe:2.3:a:cisco:application_policy_infrastructure_controller::::::::
	cpe:2.3:a:cisco:application_policy_infrastructure_controller::::::::
	cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller::::::::
	cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller::::::::
	cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller::::::::

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2021-08-25T00:00:00

Updated: 2021-08-25T19:10:26

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1579

JSON object: View

NVD Information

Status : Modified

Published: 2021-08-25T20:15:10.303

Modified: 2023-11-07T03:28:41.010

Link: CVE-2021-1579

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Cisco Application Policy Infrastructure Controller (APIC) ", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-08-25T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "CWE-250", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-25T19:10:26", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20210825 Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8"}], "source": {"advisory": "cisco-sa-capic-chvul-CKfGYBh8", "defect": [["CSCvw57164"]], "discovery": "INTERNAL"}, "title": "Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-08-25T16:00:00", "ID": "CVE-2021-1579", "STATE": "PUBLIC", "TITLE": "Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Application Policy Infrastructure Controller (APIC) ", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "impact": {"cvss": {"baseScore": "8.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H ", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-250"}]}]}, "references": {"reference_data": [{"name": "20210825 Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8"}]}, "source": {"advisory": "cisco-sa-capic-chvul-CKfGYBh8", "defect": [["CSCvw57164"]], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1579", "datePublished": "2021-08-25T00:00:00", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2021-08-25T19:10:26", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E54A7EC-C94D-450D-913C-DECBCBE3E840", "versionEndExcluding": "3.2\\(10f\\)", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C1907FF-8F31-42A7-A1F3-6DADA57301AE", "versionEndExcluding": "4.2\\(7l\\)", "versionStartIncluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC568558-0F41-4B14-81D5-AB7CD330E57C", "versionEndExcluding": "5.2\\(2f\\)", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FD196DC-2522-46EA-BD15-5B6F7528B073", "versionEndExcluding": "3.2\\(10f\\)", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "1334B099-27F9-4597-8C6E-0FF88F654A03", "versionEndExcluding": "4.2\\(7l\\)", "versionStartIncluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:cloud_application_policy_infrastructure_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC2B3DBF-1A05-4D11-AC0C-F709A6BA6620", "versionEndExcluding": "5.2\\(2f\\)", "versionStartIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en un endpoint de la API de Cisco Application Policy Infrastructure Controller (APIC) y Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) podr\u00eda permitir a un atacante remoto autenticado con credenciales de s\u00f3lo lectura de Administrador elevar los privilegios en un sistema afectado. Esta vulnerabilidad es debido a un control de acceso insuficiente basado en roles (RBAC). Un atacante con credenciales de Administrador de s\u00f3lo lectura podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n de API espec\u00edfica usando una aplicaci\u00f3n con credenciales de escritura de administrador. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante elevar los privilegios a Administrador con privilegios de escritura en el dispositivo afectado."}], "id": "CVE-2021-1579", "lastModified": "2023-11-07T03:28:41.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2021-08-25T20:15:10.303", "references": [{"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-250"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}