Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Intersight Virtual Appliance Command Injection Vulnerability

cisco-sa-ucsi2-command-inject-CGyC8y2R · High · Published · Updated

A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2R

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2021-34748
Cisco Bug IDsCSCvz08353
CVSS ScoreBase 8.8
Base 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Intersight Virtual Appliance

Related Products

Product CVE Evidence
Cisco Intersight Virtual Appliance CVE-2021-34748 Cisco OpenVuln