CVE-2021-1354

Severity
3.5 LOW
EPSS
0.0%
top 93.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 4
Latest update: May 21

Description

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

🔴 Vulnerability Details

2
GHSA
GHSA-grv9-44cv-g58h: A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacen (2022-05-24)
CVEList
Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability (2021-02-04)

📋 Vendor Advisories

2
Red Hat
kernel: can: mcba_usb: fix memory leak in mcba_usb (2024-05-21)
Cisco
Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability (2021-02-03)