CVE-2021-1283

Cisco Data Center Network Manager Information Disclosure Vulnerability

CVSS 5.5 MEDIUMEPSS 0.3%CWE-789

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

20 Jan 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is written to system log files. An attacker could exploit this vulnerability by authenticating to an affected device and inspecting a specific system log file. A successful exploit could allow the attacker to view sensitive information in the system log file. To exploit this vulnerability, the attacker would need to have valid user credentials.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Cisco · Cisco Data Center Network Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-info-disc-QCSJB6YG