Lucene search

CiscoCVELIST:CVE-2021-40129

HistoryNov 18, 2021 - 11:50 p.m.

CVE-2021-40129 Cisco Common Services Platform Collector SQL Injection Vulnerability

2021-11-1823:50:17

CWE-89

cisco

www.cve.org

cisco common services platform collector

sql injection

configuration dashboard

vulnerability

input validation

uploaded files

restricted information

database

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

44.3%

JSON

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database.

CNA Affected

[
  {
    "product": "Cisco Common Services Platform Collector Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-SQLI-unVPTn5

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

44.3%

JSON

Related for CVELIST:CVE-2021-40129