Lucene search

CiscoCVELIST:CVE-2021-1250

HistoryJan 20, 2021 - 8:11 p.m.

CVE-2021-1250 Cisco Data Center Network Manager Vulnerabilities

2021-01-2020:11:09

CWE-20

cisco

www.cve.org

cisco

data center network manager

web-based management

remote attacker

cross-site scripting

reflected file download

security advisory

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

28.0%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

CNA Affected

[
  {
    "product": "Cisco Data Center Network Manager",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-xss-vulns-GuUJ39gh