What is the severity rating for CVE-2021-34733?

The severity rating for CVE-2021-34733 is medium (5.5).

What is the vulnerability description for CVE-2021-34733?

CVE-2021-34733 is a vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager that could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system.

Is there a fix available for CVE-2021-34733?

Please refer to the Cisco Security Advisory linked in the references for information on available fixes for CVE-2021-34733.

Vulnerability/
CVE-2021-34733

medium

5.5

CWE

522

2/9/2021

7/11/2024

CVE-2021-34733: Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability

Q: What is the vulnerability ID for this Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager vulnerability?

The vulnerability ID for this Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager vulnerability is CVE-2021-34733.

Q: What is affected by CVE-2021-34733?

Cisco Prime Infrastructure up to version 3.8 and Cisco Evolved Programmable Network Manager up to version 5.0 are affected by CVE-2021-34733.

First published: Thu Sep 02 2021(Updated: )

A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Evolved Programmable Network Manager	<5.0
Cisco Prime Infrastructure	<3.8

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-info-disc-nTU9FJ2

Frequently Asked Questions

What is the vulnerability ID for this Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager vulnerability?
The vulnerability ID for this Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager vulnerability is CVE-2021-34733.
What is the severity rating for CVE-2021-34733?
The severity rating for CVE-2021-34733 is medium (5.5).
What is affected by CVE-2021-34733?
Cisco Prime Infrastructure up to version 3.8 and Cisco Evolved Programmable Network Manager up to version 5.0 are affected by CVE-2021-34733.
What is the vulnerability description for CVE-2021-34733?
CVE-2021-34733 is a vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager that could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system.
Is there a fix available for CVE-2021-34733?
Please refer to the Cisco Security Advisory linked in the references for information on available fixes for CVE-2021-34733.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/title
agent/weakness
agent/author
agent/severity
agent/last-modified-date
agent/tags
agent/first-publish-date
agent/event
agent/description
vendor/cisco
canonical/cisco evolved programmable network manager
canonical/cisco prime infrastructure

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.