Rewterz Threat Advisory – Multiple Cisco Products Security Bypass

Severity

Medium

Analysis Summary

CVE-2021-1591

Cisco Nexus 9500 Series Switches could allow a remote attacker to bypass security restrictions, caused by oversubscription of resources that occurs when applying ACLs to port-channel interfaces. By attempting to access network resources that are protected by the ACL, an attacker could exploit this vulnerability to bypass access control list (ACL) rules.

CVE-2021-1586

Cisco Nexus 9000 Series Fabric Switches are vulnerable to a denial of service, caused by improper validation of TCP traffic sent to a specific port. By sending specially crafted TCP data to a specific port, a remote attacker could exploit this vulnerability to cause the device to restart unexpectedly, resulting in a denial of service condition.

CVE-2021-1523

Cisco Nexus 9000 Series Fabric Switches in ACI mode are vulnerable to a denial of service, caused by the mishandling of ingress TCP traffic to a specific port. By sending a specially crafted stream of TCP packets to a specific port on a Switched Virtual Interface (SVI), a remote attacker could exploit this vulnerability to cause an eventual queue wedge, resulting in a denial of service condition.

CVE-2021-1590

Cisco NX-OS Software is vulnerable to a denial of service, caused by a logic error in the implementation of the system login block-for command. By performing a brute-force login attack, a remote attacker could exploit this vulnerability to cause a login process to reload.

CVE-2021-1584

Cisco Nexus 9000 Series Fabric Switches could allow a locally authenticated attacker to gain elevated privileges on the system, caused by insufficient restrictions during the execution of a specific CLI command. By performing a command injection attack on the vulnerable command, an attacker could exploit this vulnerability to elevate privileges.

CVE-2021-1583

Cisco Nexus 9000 Series Fabric Switches could allow a locally authenticated attacker to obtain sensitive information, caused by improper access control in the fabric infrastructure file system. By executing a specific vulnerable command, an attacker could exploit this vulnerability to read arbitrary files on an affected system.

CVE-2021-1577

Cisco Application Policy Infrastructure Controller could allow a remote attacker to obtain sensitive information, caused by improper access control in an API endpoint. By using a specific API endpoint to upload a file to an affected device, an attacker could exploit this vulnerability to read or write arbitrary files on an affected system.

CVE-2021-1592

Cisco UCS Manager Software is vulnerable to a denial of service, caused by improper resource management for established SSH sessions. By opening a significant number of SSH sessions, a remote authenticated attacker could exploit this vulnerability to cause the internal process to crash and restart, resulting in a denial of service condition.

CVE-2021-1579

Cisco Application Policy Infrastructure Controller (APIC) and Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow a remote authenticated attacker to gain elevated privileges on the system, caused by insufficient role-based access control (RBAC). By sending a specially crafted API request using an app with admin write credentials, an authenticated attacker could exploit this vulnerability to elevate privileges to Administrator with write privileges.

CVE-2021-1578

Cisco Application Policy Infrastructure Controller (APIC) and Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an improper policy default setting. By sending a specially crafted API request, an authenticated attacker could exploit this vulnerability to elevate privileges to Administrator on the device.

CVE-2021-1581

Cisco Application Policy Infrastructure Controller could allow a remote attacker to upload arbitrary files, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to upload a malicious file to fill the upload partition of the affected device.

CVE-2021-1580

Cisco Application Policy Infrastructure Controller could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper input validation in the web UI and API endpoint. By injecting specially crafted input during a specific command execution, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

Impact

  • Security Bypass
  • Denial of Service
  • Information Disclosure
  • Information Theft
  • Privilege Escalation

Affected Vendors

Cisco

Affected Products

  • Cisco Nexus 9500 Series Switches
  • Cisco Nexus 9000 Series Fabric Switches in ACI mode
  • Cisco N9K-C9372PX-E
  • Cisco N9K-C9372TX-E
  • Cisco N9K-C9332PQ
  • Cisco N9K-C9372PX
  • Cisco NX-OS Software
  • Cisco Application Policy Infrastructure Controller
  • Cisco UCS 6400 Series Fabric Interconnects
  • Cisco UCS Manager software
  • Cisco Application Policy Infrastructure Controller (APIC)
  • Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC)

Remediation

Refer to Cisco Nexus 9500 Series Switches for patch, upgrade or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-acl-vrvQYPVe

Refer to Cisco Advisory for patch, upgrade or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-tcp-dos-YXukt6gM

Refer to Cisco Nexus 9000 Series Fabric Switches in ACI mode for patch, upgrade or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-queue-wedge-cLDDEfKF

Refer to Cisco NX-OS Software for patch, upgrade or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu

Refer to Cisco Nexus 9000 Series Fabric Switches for patch, upgrade or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-mdvul-vrKVgNU

Refer to Cisco Nexus 9000 Series Fabric Switches for patch, upgrade or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-afr-UtjfO2D7

Refer to Cisco Application Policy Infrastructure Controller for patch, upgrade or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-frw-Nt3RYxR2

Refer to Cisco UCS Manager Software for patch, upgrade or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy

Refer to Cisco (APIC) and (Cloud APIC) for patch, upgrade or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8

Refer to Cisco (APIC) and (Cloud APIC) for patch, upgrade or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-pesc-pkmGK4J

Refer to Cisco Application Policy Infrastructure Controller file upload for patch, upgrade or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW

Refer to Cisco Application Policy Infrastructure Controller for patch, upgrade or suggested workaround information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW