Skip to main content

Common Services Platform Collector CVE-2021-34774

MEDIUM
Information Exposure (CWE-200)
2021-11-04 psirt@cisco.com
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 04, 2021 - 16:15 nvd
MEDIUM 4.9

DescriptionNVD

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the users of the application, including security questions and answers. To exploit this vulnerability an attacker would need valid Administrator credentials. Cisco expects to release software updates that address this vulnerability.

AnalysisAI

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the users of the application, including security questions and answers. To exploit this vulnerability an attacker would need valid Administrator credentials. Cisco expects to release software updates that address this vulnerability. Affected products include: Cisco Common Services Platform Collector.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2019-1723 CRITICAL
9.8 Mar 13

A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker t

CVE-2021-1538 HIGH
7.2 Jun 04

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authent

CVE-2022-20674 MEDIUM
6.1 May 27

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa

CVE-2022-20673 MEDIUM
6.1 May 27

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa

CVE-2022-20672 MEDIUM
6.1 May 27

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa

CVE-2022-20671 MEDIUM
6.1 May 27

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa

CVE-2022-20670 MEDIUM
6.1 May 27

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa

CVE-2022-20669 MEDIUM
6.1 May 27

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa

CVE-2022-20668 MEDIUM
6.1 May 27

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa

CVE-2022-20667 MEDIUM
6.1 May 27

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa

CVE-2022-20666 MEDIUM
6.1 May 27

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa

CVE-2021-40131 MEDIUM
5.4 Nov 19

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an

Share

CVE-2021-34774 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy