Lucene search

CiscoCVELIST:CVE-2021-1264

HistoryJan 20, 2021 - 7:57 p.m.

CVE-2021-1264 Cisco DNA Center Command Runner Command Injection Vulnerability

2021-01-2019:57:27

CWE-78

cisco

www.cve.org

cisco dna center

command runner

vulnerability

command injection

input validation

api call

cli commands

cve-2021-1264.

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.002

Percentile

56.5%

JSON

A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center.

CNA Affected

[
  {
    "product": "Cisco Digital Network Architecture Center (DNA Center)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-cmdinj-erumsWh9

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.002

Percentile

56.5%

JSON

Related for CVELIST:CVE-2021-1264