CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-34748

A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.017

EPSS Ranking 81.6%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

Products affected by CVE-2021-34748

Cisco » Intersight Virtual Appliance » Version: 1.0.9-150

cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-150
Cisco » Intersight Virtual Appliance » Version: 1.0.9-230

cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-230
Cisco » Intersight Virtual Appliance » Version: 1.0.9-292

cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-292

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-34748

Products

Pricing

Contact Us