CVE-2021-1142

Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities

CVSS 9.8 CRITICALEPSS 4.3%CWE-20

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.8EPSS 4.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

20 ene 2021Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Cisco · Cisco Smart Software Manager On-Prem

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-multici-pgG5WM5A