CVE-2021-1303 · CVEKit

cve.orgen

553 chars

A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages.

NVDen

553 chars

A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages.

NVDes

642 chars

Una vulnerabilidad en los roles de administración de usuarios de Cisco DNA Center, podría permitir a un atacante remoto autenticado ejecutar comandos no autorizados en un dispositivo afectado. La vulnerabilidad es debido a la aplicación inapropiada de acciones para los roles de usuario asignados. Un atacante podría explotar esta vulnerabilidad al autenticarse como usuario con un rol de observador y ejecutar comandos en el dispositivo afectado. Una explotación con éxito podría permitir que un usuario con el rol de Observador ejecutar comandos para visualizar información de diagnóstico de los dispositivos que administra Cisco DNA Center

CVSS metrics across sources

5

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.0	Primary	cve.org	4.3	—	—	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N