Vulnslist

find the latest Cisco vulnerabilities

Cisco DNA Center Command Runner Command Injection Vulnerability

cisco-sa-dnac-cmdinj-erumsWh9 · Critical · Published · Updated

A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-cmdinj-erumsWh9

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2021-1264
Cisco Bug IDsCSCvq39748
CVSS ScoreBase 9.6
Base 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Digital Network Architecture Center (DNA Center)

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2021-1264 Cisco OpenVuln
Cisco Meraki MS Series Switches CVE-2021-1264 Cisco OpenVuln
Cisco Digital Network Architecture Center (DNA Center) CVE-2021-1264 Cisco OpenVuln