How severe is CVE-2021-1579?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-1579?

This is classified as CWE-250, which is a common weakness in software security.

CVE-2021-1579 - HIGH Severity | CVSS 8.8

Vulnerability Description

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device.

Related Vulnerabilities

CVE-2018-10856

HIGH

CVSS:8.8(High)

It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.

CWE-2502018

CVE-2018-5413

HIGH

CVSS:8.8(High)

Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privileged users to add SSH login keys to the admin user, resulting in privilege escalation.

CWE-2502018

CVE-2018-8853

HIGH

CVSS:8.8(High)

Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk ...

CWE-2502018

CVE-2019-10167

HIGH

CVSS:8.8(High)

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since...

CWE-2502019

CVE-2019-10168

HIGH

CVSS:8.8(High)

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emul...

CWE-2502019

CVE-2020-14493

HIGH

CVSS:8.8(High)

A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands.

CWE-2502020