First published: Wed Oct 06 2021(Updated: )
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Intersight Virtual Appliance | >=1.0.9-150<=1.0.9-292 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-34748 is a vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance that could allow an authenticated, remote attacker to perform a command injection attack.
CVE-2021-34748 has a severity rating of 8.8 (critical).
CVE-2021-34748 affects Cisco Intersight Virtual Appliance versions 1.0.9-150 to 1.0.9-292.
The Common Weakness Enumeration (CWE) for CVE-2021-34748 includes CWE-20, CWE-77, and CWE-78.
To fix CVE-2021-34748, it is recommended to apply the necessary security patches or updates provided by Cisco.