What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2021-1306.

What is the severity of CVE-2021-1306?

The severity of CVE-2021-1306 is medium with a severity value of 3.4.

Which software products are affected by CVE-2021-1306?

The software products affected by CVE-2021-1306 are Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure.

What is the description of CVE-2021-1306?

CVE-2021-1306 is a vulnerability in the restricted shell of Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure that allows an authenticated, local attacker to identify directories and write arbitrary files to the file system.

How can I fix CVE-2021-1306?

To fix CVE-2021-1306, it is recommended to apply the necessary security patches provided by Cisco.

Vulnerability/
CVE-2021-1306

medium

4.4

CWE

610 73

22/5/2021

8/11/2024

CVE-2021-1306: Cisco ADE-OS Local File Inclusion Vulnerability

First published: Sat May 22 2021(Updated: )

A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is due to improper validation of parameters that are sent to a CLI command within the restricted shell. An attacker could exploit this vulnerability by logging in to the device and issuing certain CLI commands. A successful exploit could allow the attacker to identify file directories on the affected device and write arbitrary files to the file system on the affected device. To exploit this vulnerability, the attacker must be an authenticated shell user.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Evolved Programmable Network Manager	<5.0.1
Cisco Identity Services Engine	<2.7.0
Cisco Identity Services Engine	=2.7.0
Cisco Identity Services Engine	=2.7.0-patch2
Cisco Identity Services Engine	=3.0.0
Cisco Identity Services Engine	=3.0.0-patch1
Cisco Prime Infrastructure	<3.8.1
Cisco Prime Infrastructure	=3.8.1

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ade-xcvAQEOZ

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-1306.
What is the severity of CVE-2021-1306?
The severity of CVE-2021-1306 is medium with a severity value of 3.4.
Which software products are affected by CVE-2021-1306?
The software products affected by CVE-2021-1306 are Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure.
What is the description of CVE-2021-1306?
CVE-2021-1306 is a vulnerability in the restricted shell of Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure that allows an authenticated, local attacker to identify directories and write arbitrary files to the file system.
How can I fix CVE-2021-1306?
To fix CVE-2021-1306, it is recommended to apply the necessary security patches provided by Cisco.

collector/nvd-index
agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/title
agent/references
agent/severity
agent/first-publish-date
agent/tags
agent/event
agent/description
vendor/cisco
canonical/cisco evolved programmable network manager
canonical/cisco identity services engine
version/cisco identity services engine/2.7.0
version/cisco identity services engine/2.7.0-patch2
version/cisco identity services engine/3.0.0
version/cisco identity services engine/3.0.0-patch1
canonical/cisco prime infrastructure
version/cisco prime infrastructure/3.8.1