Strix
26.1K

CVE-2021-34765

MEDIUMCVSS 4.3/10EPSS 0.84%

Last modified

CVE-2021-34765 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. EPSS estimates a 0.84% chance of exploitation in the next 30 days.

Description

A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in disclosure of sensitive information.

Metrics

CVSS 3.1
4.3/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Probability
0.84%

53.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoNexus Insights< 6.0.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-34765?
A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in disclosure of sensitive information.
How severe is CVE-2021-34765?
CVE-2021-34765 has a CVSS score of 4.3/10 (MEDIUM severity). The EPSS model estimates a 0.84% probability of exploitation in the next 30 days.
How do I fix CVE-2021-34765?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-34765?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST