VDB
CVE-2021-1134
CVE-2021-1134
PUBLISHED
CVSS 7.400000095367432 HIGH
A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network.
EPSS 0.27% · 51.2th percentile
Risk Scores
CVSS 3.0
7.400000095367432
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.27%
51.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | catalyst_center | 0 |
| Cisco | Cisco Digital Network Architecture Center (DNA Center) | n/a |
Exploit Intelligence
Timeline
- Jun 29, 2021 EPSS Score
- Jun 29, 2021 CVE Published
- Aug 28, 2021 EPSS Score
- Oct 27, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 25, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 26, 2022 EPSS Score
- Jun 25, 2022 EPSS Score
- Aug 25, 2022 EPSS Score
- Oct 24, 2022 EPSS Score
References
- 20210616 Cisco DNA Center Certificate Validation Vulnerability vendor-advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-pos-dll-ff8j6dFv advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ciscosb-multivulns-Wwyb7s5E advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-cert-vali-n8L97RW advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-1134 advisory