How severe is CVE-2021-1487?

CVE-2021-1487 has a severity rating of 8.8, which is categorized as critical.

Which software versions are affected by CVE-2021-1487?

The Cisco Evolved Programmable Network Manager up to version 5.1 and Cisco Prime Infrastructure up to version 3.9 are affected by CVE-2021-1487.

How can an attacker exploit CVE-2021-1487?

An attacker can exploit CVE-2021-1487 by exploiting insufficient validation of user-supplied input in the web-based management interface to execute arbitrary commands.

Is there a fix available for CVE-2021-1487?

Yes, Cisco has released a security advisory with detailed instructions on how to mitigate the vulnerability. It is recommended to follow the vendor's guidance to fix CVE-2021-1487.

Vulnerability/
CVE-2021-1487

critical

CWE

22/5/2021

8/11/2024

CVE-2021-1487: Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Command Injection Vulnerability

Q: What is CVE-2021-1487?

CVE-2021-1487 is a vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager that allows an authenticated, remote attacker to execute arbitrary commands on an affected system.

First published: Sat May 22 2021(Updated: )

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with the permissions of a special non-root user. In this way, an attacker could take control of the affected system, which would allow them to obtain and alter sensitive data. The attacker could also affect the devices that are managed by the affected system by pushing arbitrary configuration files, retrieving device credentials and confidential information, and ultimately undermining the stability of the devices, causing a denial of service (DoS) condition.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Evolved Programmable Network Manager	<5.1
Cisco Prime Infrastructure	<3.9

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-cmd-inj-YU5e6tB3

Frequently Asked Questions

What is CVE-2021-1487?
CVE-2021-1487 is a vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager that allows an authenticated, remote attacker to execute arbitrary commands on an affected system.
How severe is CVE-2021-1487?
CVE-2021-1487 has a severity rating of 8.8, which is categorized as critical.
Which software versions are affected by CVE-2021-1487?
The Cisco Evolved Programmable Network Manager up to version 5.1 and Cisco Prime Infrastructure up to version 3.9 are affected by CVE-2021-1487.
How can an attacker exploit CVE-2021-1487?
An attacker can exploit CVE-2021-1487 by exploiting insufficient validation of user-supplied input in the web-based management interface to execute arbitrary commands.
Is there a fix available for CVE-2021-1487?
Yes, Cisco has released a security advisory with detailed instructions on how to mitigate the vulnerability. It is recommended to follow the vendor's guidance to fix CVE-2021-1487.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/title
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/cisco
canonical/cisco evolved programmable network manager
canonical/cisco prime infrastructure

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.