CVE-2021-1227

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software (affected versions not specified)

Description A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note that the NX-API feature is disabled by default.

Recommendations As a temporary workaround, consider disabling the NX-API feature until a patch is available. Cisco has released software updates that address this vulnerability, it is recommended to apply these updates to resolve the issue. There are no workarounds that address this vulnerability, updating the software is the only resolution.