CVE-2021-1272 HIGH

CVE-2021-1272: Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability

Vendor Cisco
Product Cisco Data Center Network Manager
Weakness CWE-918 · SSRF
Published January 20, 2021
Last update November 12, 2024
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of parameters in a specific HTTP request by an attacker. An attacker could exploit this vulnerability by sending a crafted HTTP request to an authenticated user of the DCNM web application. A successful exploit could allow the attacker to bypass access controls and gain unauthorized access to the Device Manager application, which provides access to network devices managed by the system.

Key dates

02Disclosure timeline

January 20, 2021 CVE published
November 12, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-35187 pyLoad has SSRF in parse_urls API endpoint via unvalidated URL parameter CVE-2024-31229 WordPress Really Simple SSL plugin <= 7.2.3 - Server Side Request Forgery (SSRF) vulnerability CVE-2024-34361 Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE) CVE-2023-42450 Mastodon Server-Side Request Forgery vulnerability CVE-2026-24117 Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL