SB2021012110 - Multiple vulnerabilities in Cisco Smart Software Manager On-Prem
Published: January 21, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Command Injection (CVE-ID: CVE-2021-1138)
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web UI. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.
2) Command Injection (CVE-ID: CVE-2021-1139)
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web UI. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.
3) Command Injection (CVE-ID: CVE-2021-1140)
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web UI. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.
4) Command Injection (CVE-ID: CVE-2021-1141)
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web UI. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.
5) Command Injection (CVE-ID: CVE-2021-1142)
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to improper input validation in the web UI. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.
Remediation
Install update from vendor's website.