PT-2021-2199 · Cisco · Cisco Data Center Network Manager

Published

2021-01-20

Updated

2021-01-27

CVE-2021-1255

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Cisco Data Center Network Manager (DCNM) (affected versions not specified)

Description: The issue is related to multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM), which could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is associated with incorrect restriction of the path name to a directory with limited access. Exploitation of the vulnerability may allow a remote attacker to impact the integrity and confidentiality of data.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incomplete List of Disallowed Inputs

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-184CWE-22

Related Identifiers

BDU:2021-01108

CVE-2021-1255

Affected Products

Cisco Data Center Network Manager

PT-2021-2199 · Cisco · Cisco Data Center Network Manager

CVE-2021-1255

Weakness Enumeration

Related Identifiers

Affected Products

References · 5