First published: Thu May 06 2021
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could exploit this vulnerability by including malicious input during the execution of this command. A successful exploit could allow a non-privileged attacker authenticated in the restricted CLI to execute arbitrary commands on the underlying operating system (OS) with root privileges.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Enterprise NFV Infrastructure Software | <4.5.1 | |
CVE-2021-1421 is a vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) that allows an authenticated, local attacker to perform a command injection attack on an affected device.
CVE-2021-1421 has a severity rating of 7.8 (high).
CVE-2021-1421 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) versions up to and including 4.5.1.
An attacker can exploit CVE-2021-1421 by injecting malicious commands into a configuration command in Cisco Enterprise NFV Infrastructure Software (NFVIS).
Yes, Cisco has released a security advisory with information on how to mitigate this vulnerability. Please refer to the Cisco Security Advisory for detailed guidance.