CVE-2021-1132 | Cisco Network Services Orchestrator 5.3.1/5.4/5.4.0.1/5.4.0.2 API Subsystem/Web-Management Interface path traversal (cisco-sa-nso-path-trvsl-dZRQE8Lc)

Inserito da Angelo Barbosa | Nov 18, 2024 | CVE

A vulnerability, which was classified as problematic, was found in Cisco Network Services Orchestrator 5.3.1/5.4/5.4.0.1/5.4.0.2. Affected is an unknown function of the component API Subsystem/Web-Management Interface. The manipulation leads to path traversal: ‘…/…//’.

This vulnerability is traded as CVE-2021-1132. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2021-1132 | Cisco Network Services Orchestrator 5.3.1/5.4/5.4.0.1/5.4.0.2 API Subsystem/Web-Management Interface path traversal (cisco-sa-nso-path-trvsl-dZRQE8Lc)

Post correlati

CVE-2023-48839 | Appointment Scheduler 3.0 cross site scripting (ID 176055)

CVE-2024-33433 | Totolink X2000R prior 1.0.0-B20231213.1013 Wireless Page Guest Access Control cross site scripting

CVE-2024-23738 | Postman up to 10.22 on macOS Setting RunAsNode/enableNodeClilnspectArguments Privilege Escalation

CVE-2020-7760 | Oracle Utilties Application Framework 4.3.0.3.0/4.3.0.6.0/4.4.0.0.0/4.4.0.2.0/4.4.0.3.0 User Interface denial of service