CVE-2021-1253
Cisco Data Center Network Manager Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Data Center Network Manager (DCNM), podrían permitir a un atacante remoto con privilegios de operador de red conducir un ataque de tipo cross-site scripting (XSS) o un ataque de descarga de archivo reflejado (RFD) contra un usuario de la interfaz. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2020-11-13 CVE Reserved
- 2021-01-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-12 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Data Center Network Manager Search vendor "Cisco" for product "Data Center Network Manager" | < 11.5\(1\) Search vendor "Cisco" for product "Data Center Network Manager" and version " < 11.5\(1\)" | - |
Affected
| ||||||