CVE-2021-1265Cleartext Storage of Sensitive Info in Cisco Catalyst Center

CWE-312Cleartext Storage of Sensitive Info6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 71.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Catalyst CenterCisco Digital Network Architecture Center
Timeline
PublishedJan 20
Latest updateMay 24

Description

A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the att

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/catalyst_center< 2.1.1.0

🔴Vulnerability Details

2
GHSA
GHSA-32x3-2qh2-v3w9: A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtai2022-05-24
CVEList
Cisco DNA Center Information Disclosure Vulnerability2021-01-20

📋Vendor Advisories

1
Cisco
Cisco DNA Center Information Disclosure Vulnerability2021-01-20

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Code execution vulnerabilities in Nitro Pro PDF2021-10-14
Talos
Vulnerability Spotlight: Code execution vulnerabilities in Nitro Pro PDF2021-10-14
CVE-2021-1265 — Cleartext Storage of Sensitive Info | cvebase