Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2021-1228

Disclosure Date: February 24, 2021 •

CVE-2021-1228 CVSS v3 Base Score: 6.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. This vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a crafted LLDP packet on the adjacent subnet to an affected device. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.5 Medium

Impact Score:

3.6

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector (AV):

Adjacent_network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

High

Availability (A):

None

Vendors

cisco

Products

Weaknesses

References

Canonical

CVE-2021-1228 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1228)

Advisory

20210224 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-unauth-access-5PWzDx2w)

Rapid7

Unknown

CVE-2021-1228

Unknown

Unknown

None

None

Adjacent_network

CVE-2021-1228

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2021-1228

Unknown

Unknown

None

None

Adjacent_network

CVE-2021-1228

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Weaknesses

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification