CVE-2021-1227

Published Feb 24, 2021

Last updated 4 years ago

CVSS high 8.1

Overview

Description: A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

ykramarz@cisco.com: CWE-352

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:mds_9148s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D25FA4A8-408B-4E94-B7D9-7DC54B61322F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9250i:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "67CD5738-029B-43AA-9342-63719DC16138"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9706:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5182CB50-4D32-4835-B1A8-817D989F919F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:mds_9710:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "36B3B617-7554-4C36-9B41-19AA3BD2F6E9"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:nx-os:8.4\\(2a\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9E85905-A3F0-43C0-A578-6E9C14033D3D"
          },
          {
            "criteria": "cpe:2.3:o:cisco:nx-os:8.4\\(3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D725607-74D5-4700-B4B7-0C35D119F9BE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:nx-os:8.4\\(3\\)s19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B15BFF7-F074-4FE9-ACB6-CC82D9D226C4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_31108pv-v:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "29B34855-D8D2-4114-80D2-A4D159C62458"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7BF4B8FE-E134-4491-B5C2-C1CFEB64731B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F4226DA0-9371-401C-8247-E6E636A116C3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7664666F-BCE4-4799-AEEA-3A73E6AD33F4"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B3293438-3D18-45A2-B093-2C3F65783336"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C97C29EE-9426-4BBE-8D84-AB5FF748703D"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8F43B770-D96C-44EA-BC12-9F39FC4317B9"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CED628B5-97A8-4B26-AA40-BEC854982157"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7BB9DD73-E31D-4921-A6D6-E14E04703588"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "652A2849-668D-4156-88FB-C19844A59F33"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "24FBE87B-8A4F-43A8-98A3-4A7D9C630937"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6ACD09AC-8B28-4ACB-967B-AB3D450BC137"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7D397349-CCC6-479B-9273-FB1FFF4F34F2"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DC7286A7-780F-4A45-940A-4AD5C9D0F201"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5F7AF8D7-431B-43CE-840F-CC0817D159C0"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DAC204C8-1A5A-4E85-824E-DC9B8F6A802D"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "10F80A72-AD54-4699-B8AE-82715F0B58E2"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9354B6A2-D7D6-442E-BF4C-FE8A336D9E94"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "74CB4002-7636-4382-B33E-FBA060A13C34"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "10CEBF73-3EE0-459A-86C5-F8F6243FE27C"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95D2C4C3-65CE-4612-A027-AF70CEFC3233"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "57572E4A-78D5-4D1A-938B-F05F01759612"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_9200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "532CE4B0-A3C9-4613-AAAF-727817D06FB4"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_9300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "92E2CB2B-DA11-4CF7-9D57-3D4D48990DC0"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "63BE0266-1C00-4D6A-AD96-7F82532ABAA7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:nx-os:9.3\\(3\\)idi9\\(0.569\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90F7158A-AFAC-4E2A-84FD-426FC44AC452"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E5519EA9-1236-4F51-9974-E3FC1B26B5D2"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1766443C-1C5A-486E-A36F-D3045F364D78"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ABB6E612-4246-4408-B3F6-B31E771F5ACB"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "91B129B2-2B31-4DE0-9F83-CC6E0C8729A0"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3CBD3CD0-B542-4B23-9C9D-061643BE44E8"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A22A2647-A4C0-4681-BBC5-D95ADBAA0457"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_5672up-16g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "367C2A49-4C4D-471B-9B34-AFAFA5AE9503"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B2BB1A3A-668C-4B0D-8AC2-6B4758B3420B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_6001:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A9662D6B-AF0F-45C8-B7CD-AE7C76593FDB"
          },
          {
            "criteria": "cpe:2.3:h:cisco:nexus_6004:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4F557E38-09F6-42C6-BABA-3C3168B38BBA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:nx-os:7.3\\(8\\)n1\\(0.809\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DE5E39F-ECE1-44E6-9CFE-FEF903317E46"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References