Multiple vulnerabilities in Cisco Nexus 9000 Series Switches in ACI Mode
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-1228 CVE-2021-1230 |
| CWE-ID | CWE-284 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco Nexus 9000 Series Switches in ACI Mode Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU50938
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-1228
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. A remote attacker on the local network can send a specially crafted LLDP packet and make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco Nexus 9000 Series Switches in ACI Mode: 14.1.2g
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU50939
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-1230
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an issue with the installation of routes upon receipt of the Border Gateway Protocol (BGP) update. A remote attacker can send a specially crafted BGP update to the affected device and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco Nexus 9000 Series Switches in ACI Mode: 14.1.2m - 14.2.2.19
CPE2.3- cpe:2.3:h:cisco_systems:cisco_nexus_9000_series_switches_in_aci_mode:14.1.2m:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_9000_series_switches_in_aci_mode:14.2.2.19:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-bgp-De9dPKSK
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
