CVE-2021-1286: Input Validation
First published: Wed Jan 20 2021(Updated: )
Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Data Center Network Manager | <11.5\(1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-1286?
CVE-2021-1286 refers to multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM).
What is the severity of CVE-2021-1286?
CVE-2021-1286 has a severity level of medium.
What are the affected software versions for CVE-2021-1286?
The affected software version for CVE-2021-1286 is up to and excluding 11.5(1) of Cisco Data Center Network Manager (DCNM).
What are the CWE IDs for CVE-2021-1286?
The CWE IDs for CVE-2021-1286 are CWE-79 (Cross-Site Scripting) and CWE-20 (Improper Input Validation).
How can a remote attacker exploit CVE-2021-1286?
A remote attacker with network-operator privileges can exploit CVE-2021-1286 to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against users of the affected interface.
- collector/nvd-index
- vendor/cisco
- canonical/cisco data center network manager