CVE-2021-1538

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root.

CVSS v3 4.7 MEDIUM
CVSS v2.0 9.0 HIGH

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-CIV-kDuBfNfu	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-CIV-kDuBfNfu	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:44

Type	Values Removed	Values Added
CVSS	v2 : ~~9.0~~ v3 : ~~7.2~~	v2 : 9.0 v3 : 4.7
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-CIV-kDuBfNfu - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-CIV-kDuBfNfu - Vendor Advisory

Information

Published : 2021-06-04 17:15

Updated : 2024-11-21 05:44

NVD link : CVE-2021-1538

Mitre link : CVE-2021-1538

CVE.ORG link : CVE-2021-1538

JSON object : View

Products Affected

cisco

common_services_platform_collector

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2021-1538", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2021-06-04T17:15:09.550", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-CIV-kDuBfNfu", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-CIV-kDuBfNfu", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root."}, {"lang": "es", "value": "Una vulnerabilidad en el panel de configuraci\u00f3n de Cisco Common Services Platform Collector (CSPC) podr\u00eda permitir a un atacante remoto y autenticado ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad es debido a un saneamiento insuficiente de las entradas de configuraci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad al iniciar una sesi\u00f3n como superadministrador e introducir datos dise\u00f1ados en las opciones de configuraci\u00f3n del panel de control de CSPC. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo remoto como root"}], "lastModified": "2024-11-21T05:44:34.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B84E1BF-42F4-4D93-90A3-80CAABBB85A4", "versionEndExcluding": "2.9.1"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}