Cisco Systems on Wednesday issued patches to address a critical security vulnerability affecting the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches. The APIC appliance is a centralized, clustered controller that programmatically automates network provisioning and control based on the application requirements and policies across physical and virtual environments.

Tracked as CVE-2021-1577 (CVSS score: 9.1) could enable an unauthenticated, remote attacker to upload a file to the appliances.  A successful exploit could allow the attacker to read or write arbitrary files on an affected device.

This vulnerability is due to improper access control thus the recommendation of the National CERT is to apply released patch.

For more information please visit here