PT-2021-13524 · Cisco · Cisco Apic+1

Arthur Vidineyev · Published 2021-08-25 · Updated 2022-07-08 · CVE-2021-1579

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) (affected versions not specified)
Description: A vulnerability in an API endpoint could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system due to insufficient role-based access control (RBAC). The attacker could exploit this by sending a specific API request using an app with admin write credentials, potentially allowing them to elevate privileges to Administrator with write privileges.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2021-1579

Affected Products

Cisco Apic
Cisco Cloud Apic