cvebase

Cisco Intersight Virtual Appliance vulnerabilities

7 known vulnerabilities affecting cisco/intersight_virtual_appliance.

Total CVEs: 7
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 2

Vulnerabilities

CVE-2021-44228 | P1 | CRITICAL | CVSS 10.0 | KEV | PoC | Ransomware | fixed in 1.0.9-361 | v1.0.9-343 | 2021-12-10
CWE-20: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD
Source: nvd
CVE-2021-34748 | P2 | HIGH | CVSS 8.8 | ≥ 1.0.9-150, ≤ 1.0.9-292 | 2021-10-06
CWE-77: A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to exe
Source: nvd
CVE-2021-1618 | P3 | HIGH | CVSS 7.2 | fixed in 1.0.9-292 | 2021-07-22
CWE-36: Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-b
Source: nvd
CVE-2021-1617 | P3 | MEDIUM | CVSS 6.5 | fixed in 1.0.9-292 | 2021-07-22
CWE-36: Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web
Source: nvd
CVE-2021-1600 | P3 | HIGH | CVSS 8.3 | v1.0(1) | 2021-07-22
CWE-284: Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vuln
Source: nvd
CVE-2021-1601 | P3 | HIGH | CVSS 8.3 | v1.0(1) | 2021-07-22
CWE-284: Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vuln
Source: nvd
CVE-2023-20237 | P4 | MEDIUM | CVSS 4.3 | fixed in 1.0.9-589 | 2023-08-16
CWE-284: A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A suc
Source: nvd