CVE-2021-1584
MEDIUMCisco NX-OS - Authenticated Privilege Escalation via CLI Command Injection
Title source: llmDescription
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient restrictions during the execution of a specific CLI command. An attacker with administrative privileges could exploit this vulnerability by performing a command injection attack on the vulnerable command. A successful exploit could allow the attacker to access the underlying operating system as root.
References (1)
Core 1
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-mdvul-vrKVgNU
Scores
CVSS v3
6.0
EPSS
0.0011
EPSS Percentile
28.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
cisco/nx-os
14.2\(7f\)
Published
Aug 25, 2021
Tracked Since
Feb 18, 2026