CVE-2021-34748
Published on: 10/06/2021 12:00:00 AM UTC
Last Modified on: 10/24/2022 02:26:00 PM UTC
CVE-2021-34748 - advisory for cisco-sa-ucsi2-command-inject-CGyC8y2R
Source: Mitre Source: NIST CVE.ORG Print: PDF
Certain versions of Intersight Virtual Appliance from Cisco contain the following vulnerability:
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.
- CVE-2021-34748 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
- The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
- Affected Vendor/Software:
Cisco - Cisco Intersight Virtual Appliance version n/a
CVSS3 Score: 8.8 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 9 - HIGH
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Cisco Intersight Virtual Appliance Command Injection Vulnerability | tools.cisco.com text/html |
![]() |
Exploit/POC from Github
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authentica…
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Cisco | Intersight Virtual Appliance | All | All | All | All |
- cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*:
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-34748 : A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could… twitter.com/i/web/status/1… | 2021-10-06 19:59:41 |