CVE-2021-1538

CWE-78OS Command Injection4 documents4 sources
Severity
7.2HIGH
EPSS
2.0%
top 16.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Common Services Platform CollectorCisco Cisco Common Services Platform Collector Software
Timeline
PublishedJun 4
Latest updateMay 24

Description

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-52h9-h2q5-cjwm: A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to exe2022-05-24
CVEList
Cisco Common Services Platform Collector Command Injection Vulnerability2021-06-04

📋Vendor Advisories

1
Cisco
Cisco Common Services Platform Collector Command Injection Vulnerability2021-06-02
CVE-2021-1538 (HIGH CVSS 7.2) | A vulnerability in the configuratio | cvebase.io