Vulnerability Details : CVE-2021-1276
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Products affected by CVE-2021-1276
- cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-1276
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 36 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-1276
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
Cisco Systems, Inc. | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
2.2
|
4.2
|
NIST |
CWE ids for CVE-2021-1276
-
The product does not validate, or incorrectly validates, a certificate.Assigned by: ykramarz@cisco.com (Primary)
References for CVE-2021-1276
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-cert-check-BdZZV9T3
Cisco Data Center Network Manager Certificate Validation VulnerabilitiesVendor Advisory
Jump to