Lucene search

CiscoCVELIST:CVE-2021-1265

HistoryJan 20, 2021 - 7:57 p.m.

CVE-2021-1265 Cisco DNA Center Information Disclosure Vulnerability

2021-01-2019:57:22

CWE-312

cisco

www.cve.org

cisco

dna center

configuration archive

information disclosure

vulnerability

api calls

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

44.3%

JSON

A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices.

CNA Affected

[
  {
    "product": "Cisco Digital Network Architecture Center (DNA Center)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnacid-OfeeRjcn

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

44.3%

JSON

Related for CVELIST:CVE-2021-1265