CVE-2021-1132
published 2024-11-18CVE-2021-1132: A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote…
PriorityP353high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
1.61%
72.9th percentile
A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data.
This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_network_services_orchestrator | — | — |
| cisco | cisco_network_services_orchestrator | — | — |
| cisco | cisco_network_services_orchestrator | — | — |
| cisco | cisco_network_services_orchestrator | — | — |
| cisco | network_services_orchestrator | — | — |
| cisco | network_services_orchestrator | — | — |
| cisco | network_services_orchestrator | — | — |
| cisco | network_services_orchestrator | — | — |
| cisco | network_services_orchestrator_path | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vendor_cisco5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pm93-mhpj-x843: A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated,
ghsa_unreviewed·2024-11-18
CVE-2021-1132 [MEDIUM] CWE-35 GHSA-pm93-mhpj-x843: A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated,
A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data.
This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Cisco
Cisco Network Services Orchestrator Path Traversal Vulnerability
vendor_cisco·2021-03-03·CVSS 5.3
CVE-2021-1132 [MEDIUM] CWE-35 Cisco Network Services Orchestrator Path Traversal Vulnerability
Cisco Network Services Orchestrator Path Traversal Vulnerability
A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data.
This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is availabl
Cisco
Cisco Network Services Orchestrator Path Traversal Vulnerability
vendor_cisco·CVSS 3.1
CVE-2021-1132 Cisco Network Services Orchestrator Path Traversal Vulnerability
CVE-2021-1132: Cisco Network Services Orchestrator Path Traversal Vulnerability
A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data. This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.1
CWE: CWE-35, CWE-35
Bug IDs: CSCvv48959
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-dZRQE8Lchttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHBhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3
2024-11-18
Published