CVE-2021-1580
25.08.2021, 20:15
Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
| Vendor | Product | Version |
|---|---|---|
| cisco | application_policy_infrastructure_controller | 𝑥 < 3.2\(10e\) |
| cisco | application_policy_infrastructure_controller | 4.0 ≤ 𝑥 < 4.2\(6h\) |
| cisco | application_policy_infrastructure_controller | 5.0 ≤ 𝑥 < 5.1\(3e\) |
| cisco | cloud_application_policy_infrastructure_controller | 𝑥 < 3.2\(10e\) |
| cisco | cloud_application_policy_infrastructure_controller | 4.0 ≤ 𝑥 < 4.2\(6h\) |
| cisco | cloud_application_policy_infrastructure_controller | 5.0 ≤ 𝑥 < 5.1\(3e\) |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.