CVE-2021-1250: XSS
First published: Wed Jan 20 2021(Updated: )
Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Data Center Network Manager | <11.5\(1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What are the vulnerabilities in Cisco Data Center Network Manager (DCNM)?
The vulnerabilities in Cisco DCNM are cross-site scripting (XSS) and reflected file download (RFD) attacks.
Who can exploit the vulnerabilities in Cisco DCNM?
A remote attacker with network-operator privileges can exploit the vulnerabilities.
What is the severity of CVE-2021-1250?
The severity of CVE-2021-1250 is medium, with a CVSS score of 5.4.
How can a remote attacker exploit CVE-2021-1250?
A remote attacker with network-operator privileges can exploit CVE-2021-1250 by conducting a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the Cisco DCNM interface.
Is there a fix available for CVE-2021-1250?
Yes, Cisco has released a security advisory with fixes and mitigations for CVE-2021-1250. Please refer to the Cisco Security Advisory for more information.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- vendor/cisco
- canonical/cisco data center network manager