Rewterz Threat Advisory – CVE-2021-34765 – Cisco Nexus Insights Authenticated Information Disclosure Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-34765

A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in the disclosure of sensitive information.

Impact

• Information Disclosure

Affected Vendors

Cisco

Affected Products

• Cisco Nexus Insights releases earlier than Release 6.0.1.

Remediation

Refer to Cisco Security Advisory for the patch, upgrade, or suggested workaround information

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-insight-infodis-2By2ZpBB