CVE-2021-1574

CWE-285 CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

8.8HIGH

EPSS

1.5%

top 18.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Business Process Automation Cisco Cisco Business Process Automation (bpa)

Timeline

PublishedJul 8

Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions wi…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/business_process_automation< 3.1

▶CVEListV5cisco/cisco_business_process_automation_(bpa)n/a

🔴Vulnerability Details

GHSA

GHSA-xxj5-3284-f7m3: Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacke↗2022-05-24

▶

CVEList

Cisco Business Process Automation Privilege Escalation Vulnerabilities↗2021-07-08

▶

📋Vendor Advisories

Cisco

Cisco Business Process Automation Privilege Escalation Vulnerabilities↗2021-07-07

▶