CVE-2021-1283 is a vulnerability in Cisco Data Center Network Manager
Published on January 20, 2021
Cisco Data Center Network Manager Information Disclosure Vulnerability
A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is written to system log files. An attacker could exploit this vulnerability by authenticating to an affected device and inspecting a specific system log file. A successful exploit could allow the attacker to view sensitive information in the system log file. To exploit this vulnerability, the attacker would need to have valid user credentials.
Vulnerability Analysis
CVE-2021-1283 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is a Stack Exhaustion Vulnerability?
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
CVE-2021-1283 has been classified to as a Stack Exhaustion vulnerability or weakness.
Products Associated with CVE-2021-1283
Want to know whenever a new CVE is published for Cisco Data Center Network Manager? stack.watch will email you.
Affected Versions
Cisco Data Center Network Manager Version n/a is affected by CVE-2021-1283Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.