cbcvebase.
CVE-2021-1132
published 2024-11-18

CVE-2021-1132: A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote…

PriorityP353high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
1.61%
72.9th percentile
A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data. This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Affected

9 ranges
VendorProductVersion rangeFixed in
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
ciscocisco_network_services_orchestrator
cisconetwork_services_orchestrator
cisconetwork_services_orchestrator
cisconetwork_services_orchestrator
cisconetwork_services_orchestrator
cisconetwork_services_orchestrator_path

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vendor_cisco5.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.