CVE-2021-1538 MEDIUM

CVE-2021-1538: Cisco Common Services Platform Collector Command Injection Vulnerability

Vendor Cisco
Product Cisco Common Services Platform Collector Software
Weakness CWE-78
Published June 4, 2021
Last update November 7, 2024

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root.

Key dates

02Disclosure timeline

June 4, 2021 CVE published
November 7, 2024 Record updated