cisco common-services-platform-collector CVE-2021-34774 is a vulnerability in Cisco Common Services Platform Collector
Published on November 4, 2021

Cisco Common Services Platform Collector Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the users of the application, including security questions and answers. To exploit this vulnerability an attacker would need valid Administrator credentials. Cisco expects to release software updates that address this vulnerability.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2021-34774 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2021-34774 has been classified to as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2021-34774

Want to know whenever a new CVE is published for Cisco Common Services Platform Collector? stack.watch will email you.

Cisco Common Services Platform Collector
 

Affected Versions

Cisco Common Services Platform Collector Software Version n/a is affected by CVE-2021-34774

Exploit Probability

EPSS
0.05%
Percentile
15.81%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.