
=====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN424
_____________________________________________________________________

DATE                : 26/08/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Application Policy
                      Infrastructure Controller,
                      Cisco NX-OS Software,
                      Cisco Nexus 9000 Series Fabric Switches software,
                      Cisco Nexus 9500 Series Switches software,
                      Cisco UCS Manager Software.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-frw-Nt3RYxR2
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-pesc-pkmGK4J
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ngoam-dos-LTDb9Hv
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-mpls-oam-dos-sGO9x5GM
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-tcp-dos-YXukt6gM
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-queue-wedge-cLDDEfKF
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-acl-vrvQYPVe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-mdvul-vrKVgNU
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-scss-bFT75YrM
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-afr-UtjfO2D7
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy

_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco PSIRT
on 2021-August-25.

The following PSIRT security advisories (1 Critical, 6 High, 7 Medium)
were published at 16:00 UTC today.

Table of Contents:

1) Cisco Application Policy Infrastructure Controller Arbitrary File
Read and Write Vulnerability - SIR: Critical

2) Cisco Application Policy Infrastructure Controller Privilege
Escalation Vulnerability - SIR: High

3) Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service
Vulnerability - SIR: High

4) Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability - SIR: High

5) Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and
Multi-Site TCP Denial of Service Vulnerability - SIR: High

6) Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial
of Service Vulnerability - SIR: High

7) Cisco Application Policy Infrastructure Controller App Privilege
Escalation Vulnerability - SIR: High

8) Cisco Application Policy Infrastructure Controller Command Injection
and File Upload Vulnerabilities - SIR: Medium

9) Cisco Nexus 9500 Series Switches Access Control List Bypass
Vulnerability - SIR: Medium

10) Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege
Escalation Vulnerability - SIR: Medium

11) Cisco Application Policy Infrastructure Controller Stored Cross-Site
Scripting Vulnerability - SIR: Medium

12) Cisco NX-OS Software system login block-for Denial of Service
Vulnerability - SIR: Medium

13) Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read
Vulnerability - SIR: Medium

14) Cisco UCS Manager Software SSH Sessions Denial of Service
Vulnerability - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Application Policy Infrastructure Controller Arbitrary File
Read and Write Vulnerability

CVE-2021-1577

SIR: Critical

CVSS Score v(3.1): 9.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-frw-Nt3RYxR2

+--------------------------------------------------------------------

2) Cisco Application Policy Infrastructure Controller Privilege
Escalation Vulnerability

CVE-2021-1578

SIR: High

CVSS Score v(3.1): 8.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-pesc-pkmGK4J

+--------------------------------------------------------------------

3) Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability

CVE-2021-1587

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ngoam-dos-LTDb9Hv

+--------------------------------------------------------------------

4) Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability

CVE-2021-1588

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-mpls-oam-dos-sGO9x5GM

+--------------------------------------------------------------------

5) Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and
Multi-Site TCP Denial of Service Vulnerability

CVE-2021-1586

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-tcp-dos-YXukt6gM

+--------------------------------------------------------------------

6) Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial
of Service Vulnerability

CVE-2021-1523

SIR: High

CVSS Score v(3.1): 8.6

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-queue-wedge-cLDDEfKF

+--------------------------------------------------------------------

7) Cisco Application Policy Infrastructure Controller App Privilege
Escalation Vulnerability

CVE-2021-1579

SIR: High

CVSS Score v(3.1): 8.1

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-chvul-CKfGYBh8

+--------------------------------------------------------------------

8) Cisco Application Policy Infrastructure Controller Command Injection
and File Upload Vulnerabilities

CVE-2021-1580, CVE-2021-1581

SIR: Medium

CVSS Score v(3.1): 6.5

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW

+--------------------------------------------------------------------

9) Cisco Nexus 9500 Series Switches Access Control List Bypass Vulnerability

CVE-2021-1591

SIR: Medium

CVSS Score v(3.1): 5.8

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nexus-acl-vrvQYPVe

+--------------------------------------------------------------------

10) Cisco Nexus 9000 Series Fabric Switches ACI Mode Privilege
Escalation Vulnerability

CVE-2021-1584

SIR: Medium

CVSS Score v(3.1): 6.0

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-mdvul-vrKVgNU

+--------------------------------------------------------------------

11) Cisco Application Policy Infrastructure Controller Stored Cross-Site
Scripting Vulnerability

CVE-2021-1582

SIR: Medium

CVSS Score v(3.1): 5.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-scss-bFT75YrM

+--------------------------------------------------------------------

12) Cisco NX-OS Software system login block-for Denial of Service
Vulnerability

CVE-2021-1590

SIR: Medium

CVSS Score v(3.1): 5.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu

+--------------------------------------------------------------------

13) Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read
Vulnerability

CVE-2021-1583

SIR: Medium

CVSS Score v(3.1): 4.4

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-naci-afr-UtjfO2D7

+--------------------------------------------------------------------

14) Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability

CVE-2021-1592

SIR: Medium

CVSS Score v(3.1): 4.3

URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-ssh-dos-MgvmyrQy

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


