cbcvebase.

Cisco Intersight Virtual Appliance vulnerabilities

9 known vulnerabilities affecting cisco/cisco_intersight_virtual_appliance.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH4MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2021-34748P2HIGHCVSS 8.8vn/a2021-10-06
CVE-2021-34748 [HIGH] CWE-77 CVE-2021-34748: A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could al A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to exe
nvd
CVE-2023-20017P2CRITICALCVSS 9.1v1.0.9-113v1.0.9-148+34 more2023-08-16
CVE-2023-20017 [CRITICAL] CWE-78 CVE-2023-20017: Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validati
nvd
CVE-2023-20013P2CRITICALCVSS 9.1v1.0.9-113v1.0.9-148+39 more2023-08-16
CVE-2023-20013 [CRITICAL] CWE-78 CVE-2023-20013: Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validati
nvd
CVE-2021-1618P3HIGHCVSS 7.2vn/a2021-07-22
CVE-2021-1618 [HIGH] CWE-36 CVE-2021-1618: Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-b
nvd
CVE-2021-1617P3MEDIUMCVSS 6.5vn/a2021-07-22
CVE-2021-1617 [MEDIUM] CWE-36 CVE-2021-1617: Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web
nvd
CVE-2021-1600P3HIGHCVSS 8.3vn/a2021-07-22
CVE-2021-1600 [HIGH] CWE-284 CVE-2021-1600: Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjac Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vuln
nvd
CVE-2021-1601P3HIGHCVSS 8.3vn/a2021-07-22
CVE-2021-1601 [HIGH] CWE-284 CVE-2021-1601: Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjac Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vuln
nvd
CVE-2026-20092P4MEDIUMCVSS 6.0v1.1.4-02026-01-21
CVE-2026-20092 [MEDIUM] CWE-732 CVE-2026-20092: A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow A vulnerability in the read-only maintenance shell of Cisco Intersight Virtual Appliance could allow an authenticated, local attacker with administrative privileges to elevate privileges to root on the virtual appliance. This vulnerability is due to improper file permissions on configuration files for system accounts within the maintenance shell of
nvd
CVE-2023-20237P4MEDIUMCVSS 4.3v1.0.9-503v1.0.9-536+3 more2023-08-16
CVE-2023-20237 [MEDIUM] CWE-284 CVE-2023-20237: A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attac A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A suc
nvd
Cisco Intersight Virtual Appliance vulnerabilities | cvebase