CVE-2021-1227

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default.

Severity	HIGH
CVSS	8.1
CWE	CWE-352
KEV
Published	5 years ago
Modified	1 year ago

Related Products

Product	Advisory
Cisco Nexus Dashboard	cisco-sa-nxos-nxapi-csrf-wRMzWL9z
Cisco MDS 9000 Family of Multilayer Switches	cisco-sa-nxos-nxapi-csrf-wRMzWL9z
Cisco Firepower Extensible Operating System (FXOS)	cisco-sa-nxos-nxapi-csrf-wRMzWL9z
Cisco Catalyst PON Series Switches	cisco-sa-nxos-nxapi-csrf-wRMzWL9z
Cisco Nexus 9000 Series Switches	cisco-sa-nxos-nxapi-csrf-wRMzWL9z
Cisco Nexus 7000 Series Switches	cisco-sa-nxos-nxapi-csrf-wRMzWL9z
Cisco Nexus 6000 Series Switches	cisco-sa-nxos-nxapi-csrf-wRMzWL9z
Cisco Nexus 5000 Series Switches	cisco-sa-nxos-nxapi-csrf-wRMzWL9z
Cisco Nexus 3000 Series Switches	cisco-sa-nxos-nxapi-csrf-wRMzWL9z
Cisco Nexus 3000 Series Switch	cisco-sa-nxos-nxapi-csrf-wRMzWL9z
Cisco NX-OS Software	cisco-sa-nxos-nxapi-csrf-wRMzWL9z
Cisco MDS 9000 Multilayer Directors and Fabric Switches	cisco-sa-nxos-nxapi-csrf-wRMzWL9z