Vulnerabilities > CVE-2021-40130 - Unspecified vulnerability in Cisco Common Services Platform Collector

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cisco

NVD

Published: 2021-11-19

Updated: 2023-11-07

Summary

A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to specify non-log files as sources for syslog reporting. This vulnerability is due to improper restriction of the syslog configuration. An attacker could exploit this vulnerability by configuring non-log files as sources for syslog reporting through the web application. A successful exploit could allow the attacker to read non-log files on the CSPC.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Common Services Platform Collector - Cisco Common Services Platform Collector 2.7.2 Cisco Common Services Platform Collector 2.7.4.5 Cisco Common Services Platform Collector 2.7.4.6 Cisco Common Services Platform Collector 2.7.4.7 Cisco Common Services Platform Collector 2.7.4.8 Cisco Common Services Platform Collector 2.7.4.9 Cisco Common Services Platform Collector 2.7.4.10 Cisco Common Services Platform Collector 2.8.0 Cisco Common Services Platform Collector 2.8.1 Cisco Common Services Platform Collector 2.8.1.2 Cisco Common Services Platform Collector 2.8.1.4 Cisco Common Services Platform Collector 2.8.1.5 Cisco Common Services Platform Collector 2.8.1.6 Cisco Common Services Platform Collector 2.8.1.7 Cisco Common Services Platform Collector 2.9.1	16

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-ILR-8qmW8y8X