Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-1306

Опубликовано: 22 мая 2021
Источник: nvd
CVSS3: 4.4
CVSS3: 3.4
CVSS2: 3.6
EPSS Низкий

Описание

A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is due to improper validation of parameters that are sent to a CLI command within the restricted shell. An attacker could exploit this vulnerability by logging in to the device and issuing certain CLI commands. A successful exploit could allow the attacker to identify file directories on the affected device and write arbitrary files to the file system on the affected device. To exploit this vulnerability, the attacker must be an authenticated shell user.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*
Версия до 5.0.1 (исключая)
cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*
Версия до 2.7.0 (исключая)
cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*
Версия до 3.8.1 (исключая)
cpe:2.3:a:cisco:prime_infrastructure:3.8.1:-:*:*:*:*:*:*

EPSS

Процентиль: 11%
0.00039
Низкий

4.4 Medium

CVSS3

3.4 Low

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-73
CWE-610

Связанные уязвимости

github логотип

GHSA-v764-45vr-f9mp

github
больше 3 лет назад

A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is due to improper validation of parameters that are sent to a CLI command within the restricted shell. An attacker could exploit this vulnerability by logging in to the device and issuing certain CLI commands. A successful exploit could allow the attacker to identify file directories on the affected device and write arbitrary files to the file system on the affected device. To exploit this vulnerability, the attacker must be an authenticated shell user.

fstec логотип

BDU:2021-02671

CVSS3: 4.4
fstec
больше 4 лет назад

Уязвимость системы мониторинга и управления сетевым оборудованием Cisco Prime Infrastructure, программного средства управления сетевыми сервисами Cisco Evolved Programmable Network (EPN) Manager и платформы управления политиками соединений Cisco Identity Services Engine, связанная с некорректным внешним управлением именем или путем файла, позволяющая нарушителю записывать произвольные файлы

EPSS

Процентиль: 11%
0.00039
Низкий

4.4 Medium

CVSS3

3.4 Low

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-73
CWE-610