CVE-2021-34733

MEDIUM

Cisco Evolved Programmable Network Ma... - Insufficiently Protected Credentials

Title source: rule

Description

A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-info-disc-nTU9FJ2

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 14.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

cisco/evolved_programmable_network_manager < 5.0

cisco/prime_infrastructure < 3.8

Timeline

Published Sep 02, 2021

Tracked Since Feb 18, 2026