CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2021-1361

CVSS 9.8v3.1pub. 2021-02-24upd. 2024-11-21

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cisco Nexus 3000

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3100

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3100v

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3100 Z

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3200

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3400

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3500

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3600

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 9000v

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 92160yc X

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 92300yc

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 92304qc

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 92348gc X

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 9236c

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 9272q

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93108tc Ex

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93108tc Ex 24

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93108tc Fx

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93108tc Fx 24

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93120tx

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93128tx

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 9316d Gx

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93180lc Ex

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93180yc Ex

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93180yc Ex 24

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93180yc Fx

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93180yc Fx 24

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93180yc Fx3

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93180yc Fx3s

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93216tc Fx2

    HW
    Cisco
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2019-1804CRITICAL9.8ten sam produkt

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (...

CVE-2018-0310CRITICAL9.8ten sam produkt

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could a...

CVE-2018-0301CRITICAL9.8ten sam produkt

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker ...

CVE-2018-0312CRITICAL9.8ten sam produkt

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could a...

CVE-2016-1453CRITICAL9.8ten sam produkt

Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Ne...