CVE-2021-34748
published 2021-10-06CVE-2021-34748: A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command…
PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
2.75%
84.4th percentile
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_intersight_virtual_appliance | — | — |
| cisco | intersight_virtual_appliance | — | — |
| cisco | intersight_virtual_appliance | 1.0.9-150 – 1.0.9-292 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit vector is the web-based management interface of Cisco Intersight Virtual Appliance; monitor for crafted/anomalous input submitted via that interface by authenticated users ↗
- →Successful exploitation results in arbitrary OS commands running as root; alert on unexpected root-level process spawning from the Intersight web management process ↗
- →Track Cisco Bug ID CSCvz08353 for vendor patch/signature updates related to this vulnerability ↗
- ·Exploitation requires the attacker to be authenticated; attack surface is limited to authenticated users of the web-based management interface ↗
- ·No workarounds are available; the only mitigation is applying the vendor-supplied software update ↗
- ·Root cause is insufficient input validation in the web management interface (CWE-77 Command Injection); any user-controlled input fields in that interface should be treated as untrusted ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Intersight Virtual Appliance Command Injection Vulnerability
vendor_cisco·2021-10-06·CVSS 8.8
CVE-2021-34748 [HIGH] CWE-77 Cisco Intersight Virtual Appliance Command Injection Vulnerability
Cisco Intersight Virtual Appliance Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/securi
Cisco
Cisco Intersight Virtual Appliance Command Injection Vulnerability
vendor_cisco·CVSS 3.1
CVE-2021-34748 Cisco Intersight Virtual Appliance Command Injection Vulnerability
CVE-2021-34748: Cisco Intersight Virtual Appliance Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root -level privileges on an affected device. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.1
CWE: CWE-77, CWE-77
Bug IDs: CSCvz08353
GHSA
GHSA-ffw3-9pwp-wmfg: A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a
ghsa_unreviewed·2022-05-24
CVE-2021-34748 [HIGH] CWE-77 GHSA-ffw3-9pwp-wmfg: A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-10-06
Published