PT-2021-7487 · Cisco · Cisco Nexus Insights

Published

2021-09-01

Updated

2021-09-15

CVE-2021-34765

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Nexus Insights (affected versions not specified)

Description The issue is related to the web interface of Cisco Nexus Insights, where a vulnerability allows an authenticated, remote attacker to view and download files related to the web application. This is due to the lack of proper role-based access control (RBAC) filters applied to file download actions. An attacker with valid device credentials could exploit this by logging in and navigating to the directory listing and download functions, potentially leading to the disclosure of sensitive information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-552

Related Identifiers

BDU:2022-06803

CVE-2021-34765

Affected Products

Cisco Nexus Insights

PT-2021-7487 · Cisco · Cisco Nexus Insights

CVE-2021-34765

Weakness Enumeration

Related Identifiers

Affected Products

References · 5