Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-1361

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing.

Published

2021-02-24T20:15:13.287

Last Modified

2024-11-21T05:44:10.800

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

9.2

Weaknesses

Type: Primary
CWE-552

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	nx-os	9.3\(5\)	Yes
Operating System	cisco	nx-os	9.3\(6\)	Yes
Hardware	cisco	nexus_3000	-	No
Hardware	cisco	nexus_3100	-	No
Hardware	cisco	nexus_3100-z	-	No
Hardware	cisco	nexus_3100v	-	No
Hardware	cisco	nexus_3200	-	No
Hardware	cisco	nexus_3400	-	No
Hardware	cisco	nexus_3500	-	No
Hardware	cisco	nexus_3600	-	No
Hardware	cisco	nexus_9000v	-	No
Hardware	cisco	nexus_92160yc-x	-	No
Hardware	cisco	nexus_92300yc	-	No
Hardware	cisco	nexus_92304qc	-	No
Hardware	cisco	nexus_92348gc-x	-	No
Hardware	cisco	nexus_9236c	-	No
Hardware	cisco	nexus_9272q	-	No
Hardware	cisco	nexus_93108tc-ex	-	No
Hardware	cisco	nexus_93108tc-ex-24	-	No
Hardware	cisco	nexus_93108tc-fx	-	No
Hardware	cisco	nexus_93108tc-fx-24	-	No
Hardware	cisco	nexus_93120tx	-	No
Hardware	cisco	nexus_93128tx	-	No
Hardware	cisco	nexus_9316d-gx	-	No
Hardware	cisco	nexus_93180lc-ex	-	No
Hardware	cisco	nexus_93180yc-ex	-	No
Hardware	cisco	nexus_93180yc-ex-24	-	No
Hardware	cisco	nexus_93180yc-fx	-	No
Hardware	cisco	nexus_93180yc-fx-24	-	No
Hardware	cisco	nexus_93180yc-fx3	-	No
Hardware	cisco	nexus_93180yc-fx3s	-	No
Hardware	cisco	nexus_93216tc-fx2	-	No
Hardware	cisco	nexus_93240yc-fx2	-	No
Hardware	cisco	nexus_9332c	-	No
Hardware	cisco	nexus_9332pq	-	No
Hardware	cisco	nexus_93360yc-fx2	-	No
Hardware	cisco	nexus_9336c-fx2	-	No
Hardware	cisco	nexus_9336c-fx2-e	-	No
Hardware	cisco	nexus_9336pq_aci_spine	-	No
Hardware	cisco	nexus_9348gc-fxp	-	No
Hardware	cisco	nexus_93600cd-gx	-	No
Hardware	cisco	nexus_9364c	-	No
Hardware	cisco	nexus_9364c-gx	-	No
Hardware	cisco	nexus_9372px	-	No
Hardware	cisco	nexus_9372px-e	-	No
Hardware	cisco	nexus_9372tx	-	No
Hardware	cisco	nexus_9372tx-e	-	No
Hardware	cisco	nexus_9396px	-	No
Hardware	cisco	nexus_9396tx	-	No
Hardware	cisco	nexus_9508	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2 Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)