Main Vulnerability Database Vulnerabilities #VU50938

#VU50938 Improper access control in Cisco Nexus 9000 Series Switches in ACI Mode - CVE-2021-1228

Published: February 25, 2021

Vulnerability identifier: #VU50938

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-1228

CWE-ID: CWE-284

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Cisco Nexus 9000 Series Switches in ACI Mode

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. A remote attacker on the local network can send a specially crafted LLDP packet and make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-unauth-access-5PWzDx2w

#VU50938 Improper access control in Cisco Nexus 9000 Series Switches in ACI Mode - CVE-2021-1228

Description

Remediation

External links

Please verify you're human