Lucene search

CiscoCVELIST:CVE-2021-1286

HistoryJan 20, 2021 - 7:55 p.m.

CVE-2021-1286 Cisco Data Center Network Manager Vulnerabilities

2021-01-2019:55:59

CWE-20

cisco

www.cve.org

cisco

data center network manager

web-based interface

remote attacker

cross-site scripting

reflected file download

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

54.1%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

CNA Affected

[
  {
    "product": "Cisco Data Center Network Manager",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-xss-vulns-GuUJ39gh