CVE-2021-1272: SSRF
First published: Wed Jan 20 2021(Updated: )
A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of parameters in a specific HTTP request by an attacker. An attacker could exploit this vulnerability by sending a crafted HTTP request to an authenticated user of the DCNM web application. A successful exploit could allow the attacker to bypass access controls and gain unauthorized access to the Device Manager application, which provides access to network devices managed by the system.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Data Center Network Manager | <11.5\(1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-1272?
CVE-2021-1272 is a vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) that could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system.
How severe is CVE-2021-1272?
CVE-2021-1272 has a severity rating of 8.8 (high).
Which software is affected by CVE-2021-1272?
CVE-2021-1272 affects Cisco Data Center Network Manager (DCNM) version 11.5(1) and earlier versions.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-1272?
CVE-2021-1272 is associated with CWE-918.
How do I fix CVE-2021-1272?
To fix CVE-2021-1272, it is recommended to upgrade to a version of Cisco Data Center Network Manager (DCNM) that is not affected by this vulnerability. Refer to the Cisco Security Advisory for more information.
- collector/nvd-index
- vendor/cisco
- canonical/cisco data center network manager