CVE-2021-34782
Published: 06 October 2021
Summary
CVE-2021-34782 is a medium-severity Exposure of Sensitive Information Through Data Queries (CWE-202) vulnerability in Cisco Catalyst Center. Its CVSS base score is 4.3 (Medium).
Operationally, ranked in the top 48.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-21432
Vulnerability details
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access…
more
controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.