Common Services Platform Collector
CVE-2021-40130
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC.
AnalysisAI
A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-284. A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC. Affected products include: Cisco Common Services Platform Collector.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker t
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authent
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today