CVE-2021-1257

CWE-352Cross-Site Request Forgery (CSRF)6 documents5 sources
Severity
8.8HIGH
EPSS
0.1%
top 68.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Catalyst CenterMcafee AgentCisco Cisco Digital Network Architecture Center (dna Center)
Timeline
PublishedJan 20
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDcisco/catalyst_center< 2.1.1.0
NVDmcafee/agent< 5.7.6

🔴Vulnerability Details

2
GHSA
GHSA-p8f4-vrqv-6cp2: A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-2022-05-24
CVEList
Cisco DNA Center Cross-Site Request Forgery Vulnerability2021-01-20

📋Vendor Advisories

1
Cisco
Cisco DNA Center Cross-Site Request Forgery Vulnerability2021-01-20
CVE-2021-1257 (HIGH CVSS 8.8) | A vulnerability in the web-based ma | cvebase.io