Cisco Data Center Network Manager vulnerabilities

CVE-2020-3538 [MEDIUM] CWE-20 CVE-2020-3538: A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Soft A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by sending crafted HTTP requests t

CVE-2021-44228 [CRITICAL] CWE-20 CVE-2021-44228: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD

CVE-2021-1133 [MEDIUM] CWE-184 CVE-2021-1133: Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1247 [HIGH] CWE-89 CVE-2021-1247: Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) c Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1248 [HIGH] CWE-89 CVE-2021-1248: Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) c Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1272 [HIGH] CWE-918 CVE-2021-1272: A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of parameters in a specific HTTP request by an attacker.

CVE-2021-1269 [MEDIUM] CWE-863 CVE-2021-1269: Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1277 [HIGH] CWE-295 CVE-2021-1277: Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoo Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For mo

CVE-2021-1270 [MEDIUM] CWE-863 CVE-2021-1270: Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1253 [MEDIUM] CWE-20 CVE-2021-1253: Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Detai

CVE-2021-1250 [MEDIUM] CWE-20 CVE-2021-1250: Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Detai

CVE-2021-1276 [HIGH] CWE-295 CVE-2021-1276: Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoo Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For mo

CVE-2021-1255 [MEDIUM] CWE-184 CVE-2021-1255: Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2021-1249 [MEDIUM] CWE-20 CVE-2021-1249: Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Detai

CVE-2021-1286 [MEDIUM] CWE-20 CVE-2021-1286: Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Detai

CVE-2021-1283 [MEDIUM] CWE-789 CVE-2021-1283: A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is written to system log files. An attacker could exploit

CVE-2021-1135 [MEDIUM] CWE-184 CVE-2021-1135: Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2020-3519 [HIGH] CWE-20 CVE-2020-3519: A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software c A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the API. An attacker could exploit this vulnerability by sending a crafted

CVE-2020-3518 [MEDIUM] CWE-79 CVE-2020-3518: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) So A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of the affected software. The vulnerability exists because the web-based management interface does not properly validate u

CVE-2020-3522 [MEDIUM] CWE-284 CVE-2020-3522: A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) So A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the affected software allows users to access resources th