Cisco has released security updates to address a critical security vulnerability, tracked as CVE-2021-1577, in the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches. The vulnerability could be exploited to read or write arbitrary files on a vulnerable system
The vulnerability is due to improper access control, an unauthenticated, remote attacker could exploit the issue to upload a file to the appliances.
“A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system.” reads the advisory published by the IT giant. “This vulnerability is due to improper access control. An attacker could exploit this vulnerability by using a specific API endpoint to upload a file to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on an affected device.”
The Cisco Application Policy Infrastructure Controller (APIC) is the single point of policy and management of a Cisco Application Centric Infrastructure (ACI) fabric.
This vulnerability affects Cisco Application Policy Infrastructure Controller and Cisco Cloud APIC, the company states that there are no workarounds that address this issue.
The following table shows the affected releases and whether the company addressed the flaw with the release of a patch.
The vulnerability was discovered during an internal security audit by the Cisco Advanced Security Initiatives Group (ASIG).
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, CISCO APIC)
[adrotate banner=”5″]
[adrotate banner=”13″]
Law enforcement operation codenamed 'Operation RapTor' led to the arrest of 270 dark web vendors…
A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Samsung MagicINFO 9 Server vulnerability to its…
Signal implements new screen security on Windows 11, blocking screenshots by default to protect user…
Microsoft found 394,000 Windows systems talking to Lumma stealer controllers, a victim pool that included…
CISA warns Russia-linked group APT28 is targeting Western logistics and tech firms aiding Ukraine, posing…
This website uses cookies.
