Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability

cisco-sa-capic-chvul-CKfGYBh8 · High · Published · Updated

Data: Cisco advisories · Cisco CSAF · NVD CVEs · NVD CPEs · CISA KEV · EPSS

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system.

This vulnerability is due to insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8

Workarounds

There are no workarounds that address this vulnerability. However, administrators may disable or remove all apps with admin write privileges enabled.

To disable or remove these apps, do the following:

1. Open the web UI and click the Apps tab.
2. Hover the mouse pointer over an installed and enabled app (Open is displayed). Four icons will appear in the upper right.
3. To disable the app, click the icon that is a circle with a line. To remove the app, click the icon that is an X.

While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVEs: CVE-2021-1579
Cisco Bug IDs: CSCvw57164
CVSS Score: Base 8.1, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:X/RL:X/RC:X

Products with public affected evidence