Cisco Security Advisory - Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability

[Netwörkheäd]

Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system.

This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8

     
         
Security Impact Rating:  High
   
   
       
CVE: CVE-2021-1579
Source: Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability