CVE-2021-1283 — Memory Allocation with Excessive Size Value in Cisco Data Center Network Manager

CWE-789 — Memory Allocation with Excessive Size Value7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 81.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Data Center Network Manager Cisco Data Center Network Manager

Timeline

PublishedJan 20

Latest updateJul 19

Description

A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is written to system log files. An attacker could exploit this vulnerability by authenticating to an affected device and inspecting a specific system log file. A successful exploit could allow the attacke…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/data_center_network_manager< 11.5\(1\)

▶CVEListV5cisco/cisco_data_center_network_managern/a

🔴Vulnerability Details

OSV

libxmltok vulnerabilities↗2022-07-19

▶

GHSA

GHSA-j9g2-35f7-x39p: A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive in↗2022-05-24

▶

CVEList

Cisco Data Center Network Manager Information Disclosure Vulnerability↗2021-01-20

▶

📋Vendor Advisories

Cisco

Cisco Data Center Network Manager Information Disclosure Vulnerability↗2021-01-20

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040↗2021-07-15

▶

Talos

Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040↗2021-07-15

▶