CVE-2021-34782

CWE-202CWE-863Incorrect Authorization5 documents5 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 48.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Catalyst CenterCisco Cisco Digital Network Architecture Center (dna Center)
Timeline
PublishedOct 6
Latest updateJul 1

Description

A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who ar

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/catalyst_center2.2.3.02.2.3.3+1

🔴Vulnerability Details

3
GHSA
Incorrect Authorization in Jenkins requests-plugin2022-07-01
GHSA
GHSA-5g3w-62hr-p464: A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that s2022-05-24
CVEList
Cisco DNA Center Information Disclosure Vulnerability2021-10-06

📋Vendor Advisories

1
Cisco
Cisco DNA Center Information Disclosure Vulnerability2021-10-06