Cisco fixed a critical flaw in Cisco APIC for Nexus 9000 series switches

Cisco addressed a critical security vulnerability in the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches.

Cisco has released security updates to address a critical security vulnerability, tracked as CVE-2021-1577, in the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches. The vulnerability could be exploited to read or write arbitrary files on a vulnerable system.

The vulnerability is due to improper access control. An unauthenticated, remote attacker could exploit the issue to upload a file to the appliances.

“A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system.” reads the advisory published by the IT giant. “This vulnerability is due to improper access control. An attacker could exploit this vulnerability by using a specific API endpoint to upload a file to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on an affected device.”

The Cisco Application Policy Infrastructure Controller (APIC) is the single point of policy and management of a Cisco Application Centric Infrastructure (ACI) fabric.

This vulnerability affects Cisco Application Policy Infrastructure Controller and Cisco Cloud APIC. The company states that there are no workarounds that address this issue.

The following table shows the affected releases and whether the company addressed the flaw with the release of a patch.

Cisco APIC

The vulnerability was discovered during an internal security audit by the Cisco Advanced Security Initiatives Group (ASIG).

Pierluigi Paganini

(SecurityAffairs – hacking, CISCO APIC)



