cbcvebase.
CVE-2021-1247
published 2021-01-20

CVE-2021-1247: Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute…

PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.90%
77.1th percentile
Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected

3 ranges
VendorProductVersion rangeFixed in
ciscocisco_data_center_network_manager
ciscodata_center_network_manager< 11.5\(1\)11.5\(1\)
ciscodata_center_network_manager

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability class is SQL Injection (CWE-89) via authenticated REST API endpoints of Cisco DCNM; monitor for anomalous or malformed SQL payloads in REST API requests to DCNM.
  • Track Cisco bug IDs CSCvv82432 and CSCvv82433 for patch status and internal vendor indicators associated with these SQL injection vulnerabilities.
  • ·Exploitation requires the attacker to be authenticated; unauthenticated access alone is insufficient to trigger these SQL injection vulnerabilities.
  • ·No workarounds exist for these vulnerabilities; only vendor-supplied software updates remediate the issue.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_cisco8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.