CVE-2021-40130
Cisco Common Services Platform Collector Improper Logging Restriction Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC.
Una vulnerabilidad en la aplicación web de Cisco Common Services Platform Collector (CSPC) podría permitir a un atacante remoto y autenticado especificar archivos que no son de registro como fuentes para los informes de syslog. Esta vulnerabilidad es debido a una restricción inapropiada de la configuración del syslog. Un atacante podría explotar esta vulnerabilidad al configurar archivos que no son de registro como fuentes para los informes de syslog mediante la aplicación web. Una explotación con éxito podría permitir al atacante leer archivos que no son de registro en el CSPC
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2021-08-25 CVE Reserved
- 2021-11-18 CVE Published
- 2024-02-09 EPSS Updated
- 2024-11-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-ILR-8qmW8y8X | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Common Services Platform Collector Search vendor "Cisco" for product "Common Services Platform Collector" | < 2.9.1.1 Search vendor "Cisco" for product "Common Services Platform Collector" and version " < 2.9.1.1" | - |
Affected
|