CVE-2021-34748

HIGH

8.8

CVSS Severity Score

EPSS Score0.1240%

EPSS Percentile14.38th

PublishedOct 6, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.

Affected Platforms (CPE)

📦

Cisco

Intersight Virtual Appliance

>= 1.0.9-150 and <= 1.0.9-292

References & Advisories

🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2R

Vulnerability Description

Affected Platforms (CPE)

Intersight Virtual Appliance

References & Advisories

Related Vulnerabilities