CVE-2021-34707 is a vulnerability in Cisco Evolved Programmable Network Manager
Published on August 4, 2021
Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability
A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the application.
Vulnerability Analysis
CVE-2021-34707 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2021-34707 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2021-34707
Want to know whenever a new CVE is published for Cisco Evolved Programmable Network Manager? stack.watch will email you.
Affected Versions
Cisco Evolved Programmable Network Manager (EPNM) Version n/a is affected by CVE-2021-34707Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.