CVE-2021-1354 MEDIUM

CVE-2021-1354: Cisco Unified Computing System Central Software Improper Certificate Validation Vulnerability

Vendor Cisco
Product Cisco Unified Computing System Central Software
Weakness CWE-295
Published February 4, 2021
Last update November 8, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.

Key dates

02 Disclosure timeline

February 4, 2021 CVE published
November 8, 2024 Record updated