CVE-2021-1579
Summary
| CVE | CVE-2021-1579 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-08-25 20:15:00 UTC |
|---|
| Updated | 2023-11-07 03:28:00 UTC |
|---|
| Description | A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability |
CISCO |
tools.cisco.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 317019 Cisco Application Policy Infrastructure Controller (APIC) App Privilege Escalation Vulnerability (cisco-sa-capic-chvul-CKfGYBh8)
