PT-2021-4956 · Cisco · Cisco APIC +2
Published 2021-08-25 · Updated 2021-09-01 · CVE-2021-1578
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) (affected versions not specified)
Description
A vulnerability in the API endpoint of the affected devices could allow an authenticated, remote attacker to elevate privileges to Administrator. This issue is due to an improper policy default setting. An attacker could exploit this by sending a specific API request to a managed device using non-privileged credentials for Cisco ACI Multi-Site Orchestrator (MSO). A successful exploit could allow the attacker to obtain Administrator credentials on the affected device.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Handling of Exceptional Conditions
Related Identifiers
Affected Products
Cisco ACI Multi-Site Orchestrator
Cisco APIC
Cisco Cloud APIC