CVE-2021-1581

EUVD-2021-7048
Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
ciscoCNA
6.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
ciscoapplication_policy_infrastructure_controller
𝑥
< 3.2\(10f\)
ciscoapplication_policy_infrastructure_controller
4.0 ≤
𝑥
< 4.2\(7l\)
ciscoapplication_policy_infrastructure_controller
5.0 ≤
𝑥
< 5.2\(1g\)
ciscocloud_application_policy_infrastructure_controller
𝑥
< 3.2\(10f\)
ciscocloud_application_policy_infrastructure_controller
4.0 ≤
𝑥
< 4.2\(7l\)
ciscocloud_application_policy_infrastructure_controller
5.0 ≤
𝑥
< 5.2\(1g\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW