Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-1257
HistoryJan 20, 2021 - 8:15 p.m.

CVE-2021-1257

2021-01-2020:15:14
CWE-352
[email protected]
web.nvd.nist.gov
7
cisco dna center software
remote attacker
csrf attack
web-based management interface
insufficient csrf protections
authenticated user
specially crafted link
arbitrary actions
device configuration
command runner commands

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

34.8%

JSON

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user’s session, and executing Command Runner commands.

Affected configurations

Nvd
Node
ciscodna_centerRange<2.1.1.0
Node
mcafeeagentRange<5.7.6linux
OR
mcafeeagentRange<5.7.6macos
OR
mcafeeagentRange<5.7.6windows
AND
applemacosMatch-
OR
linuxlinux_kernelMatch-
OR
microsoftwindowsMatch-

Related

cvelist 1
threatpost 5
prion 1
cisco 1
cve 1
cvelist
cvelist
CVE-2021-1257 Cisco DNA Center Cross-Site Request Forgery Vulnerability
2021-01-20 00:00:00
threatpost
threatpost
Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks
2021-01-22 12:45:42
SonicWall Breach Stems from β€˜Probable’ Zero-Days
2021-01-25 17:04:19
Microsoft Edge, Google Chrome Roll Out Password Protection Tools
2021-01-22 21:57:10
prion
prion
Cross site request forgery (csrf)
2021-01-20 20:15:00
cisco
cisco
Cisco DNA Center Cross-Site Request Forgery Vulnerability
2021-01-20 16:00:00
cve
cve
CVE-2021-1257
2021-01-20 20:15:14

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

34.8%

JSON
Related for NVD:CVE-2021-1257
cvelist1threatpost5prion1cisco1cve1