PT-2021-4851 · Cisco · Cisco Common Services Platform Collector
Aaron Rhodes +1 · Published 2021-11-17 · Updated 2022-08-05
CVE-2021-40130
CVSS v2.0: 6.1 (Medium)
Vector: AV:N/AC:L/Au:M/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Common Services Platform Collector (CSPC) (affected versions not specified)
Description
A vulnerability in the web application of Cisco Common Services Platform Collector could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This issue is due to improper restriction of the syslog configuration. An attacker could exploit this by configuring non-log files as sources for syslog reporting through the web application, potentially allowing them to read non-log files on the CSPC.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Improper Access Control
Related Identifiers
Affected Products
Cisco Common Services Platform Collector