CVE-2021-34707 — Vulnetix

CVE-2021-34707 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the application.

EPSS 0.24% · 47.0th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.24%

47.0th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Evolved Programmable Network Manager (EPNM)	*
cisco	evolved_programmable_network_manager	0

Exploit Intelligence

20210804 Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability (circl)

Timeline

Aug 4, 2021 CVE Published
Aug 5, 2021 EPSS Score
Oct 3, 2021 EPSS Score
Dec 1, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 26, 2022 EPSS Score
Jul 25, 2022 EPSS Score
Sep 22, 2022 EPSS Score
Nov 20, 2022 EPSS Score

References

20210804 Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-34707 advisory

Open in Interactive Console →