PT-2021-2251 · Cisco · Cisco Network Services Orchestrator

Published: 2021-03-03 · Updated: 2025-08-05 · CVE-2021-1132

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Network Services Orchestrator (NSO) (affected versions not specified)

Description

A vulnerability in the API subsystem and web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data. This issue exists due to improper validation of user-supplied input in the web-management interface and certain HTTP-based APIs. An attacker could exploit this by sending a crafted HTTP request containing directory traversal character sequences to an affected system, potentially allowing access to sensitive files.

Recommendations

For Cisco Network Services Orchestrator (NSO), update to a version that includes the software updates released by Cisco to address this vulnerability. As a temporary workaround, consider restricting access to the web-management interface and vulnerable API endpoints until a patch is available. Avoid using the vulnerable API subsystem and web-management interface until the issue is resolved. At the moment, there is no information about specific versions that contain a fix for this vulnerability.

Related Identifiers

BDU:2021-01224
CVE-2021-1132

Affected Products

Cisco Network Services Orchestrator