Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Common Services Platform Collector Information Disclosure Vulnerability
Vulnerability Description
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the users of the application, including security questions and answers. To exploit this vulnerability an attacker would need valid Administrator credentials. Cisco expects to release software updates that address this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Cisco Common Services Platform Collector 信息泄露漏洞
Vulnerability Description
Cisco Common Services Platform Collector(CSPC)是美国思科(Cisco)公司的一款通用服务平台数据收集器。该产品通过轮询思科设备的基本库存和配置数据分析网络性能,并识别风险和漏洞。 Cisco Common Services Platform Collector 存在信息泄露漏洞,该漏洞源于思科公共服务平台收集器(CSPC)的基于web的管理界面的应用程序在响应特定API请求时没有充分保护敏感数据。攻击者可利用该漏洞获得应用程序用户的敏感信息,包括安全问题和答案
CVSS Information
N/A
Vulnerability Type
N/A