Cisco fixed a critical flaw in Cisco APIC for Nexus 9000 series switches

Cisco addressed a critical security vulnerability in the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches.

Cisco has released security updates to address a critical security vulnerability, tracked as CVE-2021-1577, in the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches. The vulnerability could be exploited to read or write arbitrary files on a vulnerable system

The vulnerability is due to improper access control, an unauthenticated, remote attacker could exploit the issue to upload a file to the appliances.

“A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system.” reads the advisory published by the IT giant. “This vulnerability is due to improper access control. An attacker could exploit this vulnerability by using a specific API endpoint to upload a file to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on an affected device.”

The Cisco Application Policy Infrastructure Controller (APIC) is the single point of policy and management of a Cisco Application Centric Infrastructure (ACI) fabric.

This vulnerability affects Cisco Application Policy Infrastructure Controller and Cisco Cloud APIC, the company states that there are no workarounds that address this issue.

The following table shows the affected releases and whether the company addressed the flaw with the release of a patch.

The vulnerability was discovered during an internal security audit by the Cisco Advanced Security Initiatives Group (ASIG).

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISCO APIC)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.