Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Common Services Platform Collector SQL Injection Vulnerability

cisco-sa-CSPC-SQLI-unVPTn5 · Medium · Published · Updated

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-SQLI-unVPTn5

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2021-40129
Cisco Bug IDs: CSCvx76422
CVSS Score: Base 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X)
Product Names From Source: Cisco Common Services Platform Collector Software

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Common Services Platform Collector Software | CVE-2021-40129 | Cisco OpenVuln |