CVE-2021-34774 — Vulnetix

CVE-2021-34774 PUBLISHED CVSS 4.900000095367432 MEDIUM

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the users of the application, including security questions and answers. To exploit this vulnerability an attacker would need valid Administrator credentials. Cisco expects to release software updates that address this vulnerability.

EPSS 0.05% · 16.5th percentile

Risk Scores

CVSS 3.1

4.900000095367432

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.05%

16.5th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Common Services Platform Collector Software	n/a
cisco	common_services_platform_collector	0

Exploit Intelligence

20211103 Cisco Common Services Platform Collector Information Disclosure Vulnerability (circl)

Timeline

Nov 4, 2021 CVE Published
Nov 5, 2021 EPSS Score
Dec 31, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 21, 2022 EPSS Score
Jun 16, 2022 EPSS Score
Aug 12, 2022 EPSS Score
Oct 6, 2022 EPSS Score
Dec 1, 2022 EPSS Score
Jan 26, 2023 EPSS Score

References

20211103 Cisco Common Services Platform Collector Information Disclosure Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-34774 advisory

Open in Interactive Console →