Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-1574
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco Business Process Automation Privilege Escalation Vulnerabilities
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper authorization enforcement for specific features and for access to log files that contain confidential information. An attacker could exploit these vulnerabilities either by submitting crafted HTTP messages to an affected system and performing unauthorized actions with the privileges of an administrator, or by retrieving sensitive data from the logs and using it to impersonate a legitimate privileged user. A successful exploit could allow the attacker to elevate privileges to Administrator.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Business Process Automation 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Business Process Automation(BPA,业务流程自动化)是美国思科(Cisco)公司的一种策略,用于优化运营业务的基本流程,使用最新技术自动化执行这些流程所涉及的功能。 Cisco Business Process Automation (BPA)存在信任管理问题漏洞,该漏洞允许经过身份验证的远程攻击者可利用该漏洞将权限提升至这些漏洞是由于对特定功能和访问包含机密信息的日志文件的不恰当授权实施造成的。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
CiscoCisco Business Process Automation (BPA) n/a -
II. Public POCs for CVE-2021-1574
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-1574
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: Cisco Business Process Automation (BPA)
Same vendor: Cisco
Same weakness: CWE-285
V. Comments for CVE-2021-1574

No comments yet

Leave a comment