Lucene search

CiscoCVELIST:CVE-2021-1249

HistoryJan 20, 2021 - 8:11 p.m.

CVE-2021-1249 Cisco Data Center Network Manager Vulnerabilities

2021-01-2020:11:04

CWE-20

cisco

www.cve.org

cisco

data center

network manager

web interface

vulnerabilities

remote attacker

cross-site scripting

xss

reflected file download

rfd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

28.0%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

CNA Affected

[
  {
    "product": "Cisco Data Center Network Manager",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-xss-vulns-GuUJ39gh