CVE-2021-1474
published 2021-04-08
CVE-2021-1474: Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to…
Priority P3 41 · high · 8.6 · CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.72% (49.3th percentile)
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_umbrella_insights_virtual_appliance | — | — |
| cisco | umbrella_link_and_csv_formula | — | — |
CVSS provenance
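| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.6 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_cisco | — | 6.5 | MEDIUM | — |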
GHSA
GHSA-382q-3qj5-29mx: Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote at
ghsa_unreviewed·2022-05-24
CVE-2021-1474 [HIGH] CWE-1236 GHSA-382q-3qj5-29mx: Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote at
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Cisco
Cisco Umbrella Link and CSV Formula Injection Vulnerabilities
vendor_cisco·2021-04-07·CVSS 6.5
CVE-2021-1474 [MEDIUM] CWE-1236 Cisco Umbrella Link and CSV Formula Injection Vulnerabilities
Cisco Umbrella Link and CSV Formula Injection Vulnerabilities
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-inject-gbZGHP5T
Cisco
Cisco Umbrella Link and CSV Formula Injection Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2021-1474 Cisco Umbrella Link and CSV Formula Injection Vulnerabilities
CVE-2021-1474: Cisco Umbrella Link and CSV Formula Injection Vulnerabilities
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the
CVSS: 3.1
CWE: CWE-1236, CWE-74
Bug IDs: CSCvx27753, CSCvx28555
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-04-08
Published