CVE-2021-34733 — Insufficiently Protected Credentials in Cisco Evolved Programmable Network Manager

CWE-522 — Insufficiently Protected Credentials4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 85.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Evolved Programmable Network Manager Cisco Prime Infrastructure Cisco Prime Infrastructure

Timeline

PublishedSep 2

Latest updateMay 24

Description

A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/evolved_programmable_network_manager< 5.0

▶NVDcisco/prime_infrastructure< 3.8

▶CVEListV5cisco/cisco_prime_infrastructuren/a

🔴Vulnerability Details

GHSA

GHSA-9p84-3w48-p6j6: A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local atta↗2022-05-24

▶

CVEList

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability↗2021-09-02

▶

📋Vendor Advisories

Cisco

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability↗2021-09-01

▶