CVE-2021-1276
Cisco Data Center Network Manager Certificate Validation Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Múltiples vulnerabilidades en Cisco Data Center Network Manager (DCNM), podrían permitir a un atacante falsificar un host confiable o construir un ataque de tipo man-in-the-middle para extraer información confidencial o alterar determinadas peticiones de la API. Estas vulnerabilidades son debido a una comprobación de certificados insuficiente cuando se establecen peticiones HTTPS con el dispositivo afectado. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2020-11-13 CVE Reserved
- 2021-01-20 CVE Published
- 2023-10-06 EPSS Updated
- 2024-11-12 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Data Center Network Manager Search vendor "Cisco" for product "Data Center Network Manager" | < 11.5\(1\) Search vendor "Cisco" for product "Data Center Network Manager" and version " < 11.5\(1\)" | - |
Affected
|