cbcvebase.
CVE-2021-34748
published 2021-10-06

CVE-2021-34748: A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command…

PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
2.75%
84.4th percentile
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.

Affected

3 ranges
VendorProductVersion rangeFixed in
ciscocisco_intersight_virtual_appliance
ciscointersight_virtual_appliance
ciscointersight_virtual_appliance1.0.9-150 – 1.0.9-292

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit vector is the web-based management interface of Cisco Intersight Virtual Appliance; monitor for crafted/anomalous input submitted via that interface by authenticated users
  • Successful exploitation results in arbitrary OS commands running as root; alert on unexpected root-level process spawning from the Intersight web management process
  • Track Cisco Bug ID CSCvz08353 for vendor patch/signature updates related to this vulnerability
  • ·Exploitation requires the attacker to be authenticated; attack surface is limited to authenticated users of the web-based management interface
  • ·No workarounds are available; the only mitigation is applying the vendor-supplied software update
  • ·Root cause is insufficient input validation in the web management interface (CWE-77 Command Injection); any user-controlled input fields in that interface should be treated as untrusted

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.