cvelist | Cisco | CVELIST:CVE-2021-40130
History: Nov 18, 2021 - 11:50 p.m.

CVE-2021-40130 Cisco Common Services Platform Collector Improper Logging Restriction Vulnerability

2021-11-18 23:50:24
CWE-284
cisco
www.cve.org
Tags: cve-2021-40130, cisco, cspc, logging, restriction, vulnerability, syslog, configuration, exploit

CVSS3: 4.9

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score: 5.4
Confidence: High

EPSS: 0.001
Percentile: 44.3%

A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC.

CNA Affected

[
  {
    "product": "Cisco Common Services Platform Collector Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]
