CVE-2021-1306 — External Control of File Name or Path in Cisco Evolved Programmable Network Manager

CWE-73 — External Control of File Name or Path CWE-610 — Externally Controlled Reference to a Resource in Another Sphere4 documents4 sources

Severity

3.4LOWNVD

CNA4.4

EPSS

0.0%

top 88.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Evolved Programmable Network Manager Cisco Identity Services Engine Cisco Prime Infrastructure +1 more

Timeline

PublishedMay 22

Latest updateMay 24

Description

A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is due to improper validation of parameters that are sent to a CLI command within the restricted shell. An attacker could exploit this vulnerability by logging in to the device and issuing certain CLI com…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NExploitability: 0.8 | Impact: 2.5

Affected Packages4 packages

▶NVDcisco/evolved_programmable_network_manager< 5.0.1

▶NVDcisco/identity_services_engine< 2.7.0+2

▶CVEListV5cisco/cisco_identity_services_engine_softwaren/a

▶NVDcisco/prime_infrastructure< 3.8.1+1

🔴Vulnerability Details

GHSA

GHSA-v764-45vr-f9mp: A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Inf↗2022-05-24

▶

CVEList

Cisco ADE-OS Local File Inclusion Vulnerability↗2021-05-22

▶

📋Vendor Advisories

Cisco

Cisco ADE-OS Local File Inclusion Vulnerability↗2021-05-19

▶