Lucene search

CiscoCVELIST:CVE-2021-1581

HistoryAug 25, 2021 - 7:10 p.m.

CVE-2021-1581 Cisco Application Policy Infrastructure Controller Command Injection and File Upload Vulnerabilities

2021-08-2519:10:37

CWE-284

cisco

www.cve.org

cve-2021-1581

command injection

file upload

web ui

api endpoints

remote attacker

advisory

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection or file upload attack on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

CNA Affected

[
  {
    "product": "Cisco Application Policy Infrastructure Controller (APIC)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-mdvul-HBsJBuvW

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

Related for CVELIST:CVE-2021-1581