All the vulnerabilites related to cisco - intersight_virtual_appliance
Vulnerability from fkie_nvd
Published
2021-10-06 20:15
Modified
2024-11-21 06:11
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.
References
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2RVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2RVendor Advisory
Impacted products
Vendor Product Version
cisco intersight_virtual_appliance *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D747D1E-A742-41C1-A4AD-EFD53EB9BAA4",
              "versionEndIncluding": "1.0.9-292",
              "versionStartIncluding": "1.0.9-150",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Intersight Virtual Appliance podr\u00eda permitir a un atacante remoto autenticado llevar a cabo un ataque de inyecci\u00f3n de comandos en un dispositivo afectado. Esta vulnerabilidad es debido a una comprobaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda explotar esta vulnerabilidad al usar la interfaz de administraci\u00f3n basada en web para ejecutar un comando usando una entrada dise\u00f1ada. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar comandos arbitrarios usando privilegios de nivel de root en un dispositivo afectado"
    }
  ],
  "id": "CVE-2021-34748",
  "lastModified": "2024-11-21T06:11:06.760",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-06T20:15:10.670",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2R"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2R"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-22 16:15
Modified
2024-11-21 05:44
Severity ?
8.3 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
8.3 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Summary
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.
References
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8Patch, Vendor Advisory
Impacted products
Vendor Product Version
cisco intersight_virtual_appliance 1.0\(1\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intersight_virtual_appliance:1.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6C90E91C-742D-4D53-957E-A93D358D22CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en Cisco Intersight Virtual Appliance podr\u00edan permitir a un atacante adyacente no autenticado acceder a servicios internos confidenciales desde una interfaz externa. Estas vulnerabilidades son debido a las restricciones insuficientes para los paquetes IPv4 o IPv6 que se reciben la interfaz de administraci\u00f3n externa. Un atacante podr\u00eda explotar estas vulnerabilidades mediante el env\u00edo de tr\u00e1fico espec\u00edfico a esta interfaz en un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante acceder a servicios internos confidenciales y realizar cambios de configuraci\u00f3n en el dispositivo afectado"
    }
  ],
  "id": "CVE-2021-1600",
  "lastModified": "2024-11-21T05:44:42.990",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.5,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-22T16:15:08.330",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-22 16:15
Modified
2024-11-21 05:44
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
References
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSxPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSxPatch, Vendor Advisory
Impacted products
Vendor Product Version
cisco intersight_virtual_appliance *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF59A67B-EB2B-4F3E-AA09-DE41565182C6",
              "versionEndExcluding": "1.0.9-292",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en la interfaz de administraci\u00f3n basada en la web de Cisco Intersight Virtual Appliance podr\u00edan permitir a un atacante remoto y autenticado conducir un ataque de salto de ruta o de inyecci\u00f3n de comandos en un sistema afectado. Estas vulnerabilidades son debido a una comprobaci\u00f3n de entradas insuficiente. Un atacante podr\u00eda explotar estas vulnerabilidades al usar la interfaz de administraci\u00f3n basada en la web para realizar una o ambas de las siguientes acciones: Ejecutar un comando usando una entrada dise\u00f1ada. Cargar un archivo que ha sido alterado usando t\u00e9cnicas de salto de ruta. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante leer y escribir archivos arbitrarios o ejecutar comandos arbitrarios como root en un sistema afectado. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso"
    }
  ],
  "id": "CVE-2021-1617",
  "lastModified": "2024-11-21T05:44:44.957",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-22T16:15:08.827",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-36"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-08-16 22:15
Modified
2024-11-21 07:40
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level.
References
ykramarz@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqbPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqbPatch, Vendor Advisory
Impacted products
Vendor Product Version
cisco intersight_virtual_appliance *
cisco intersight_assist -
cisco intersight_connected_virtual_appliance -
cisco intersight_private_virtual_appliance -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F939C0F-2514-44C9-ADF6-4DCB344529EB",
              "versionEndExcluding": "1.0.9-589",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intersight_assist:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D811AADF-88B4-452D-BCE8-8F288E6F3AEC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:cisco:intersight_connected_virtual_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C846A1B-7BAF-4352-8ED0-A175478E6222",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:cisco:intersight_private_virtual_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB33AF02-AB30-4C29-BDD5-8BE8621DDCAF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible.\r\n\r This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level."
    }
  ],
  "id": "CVE-2023-20237",
  "lastModified": "2024-11-21T07:40:57.847",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-16T22:15:12.777",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-22 16:15
Modified
2024-11-21 05:44
Severity ?
8.3 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
8.3 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Summary
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.
References
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8Patch, Vendor Advisory
Impacted products
Vendor Product Version
cisco intersight_virtual_appliance 1.0\(1\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intersight_virtual_appliance:1.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6C90E91C-742D-4D53-957E-A93D358D22CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en Cisco Intersight Virtual Appliance, podr\u00edan permitir a un atacante adyacente no autenticado acceder a servicios internos confidenciales desde una interfaz externa. Estas vulnerabilidades son debido a restricciones insuficientes para los paquetes IPv4 o IPv6 que se reciben la interfaz de administraci\u00f3n externa. Un atacante podr\u00eda explotar estas vulnerabilidades mediante el env\u00edo de tr\u00e1fico espec\u00edfico a esta interfaz en un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante acceder a servicios internos confidenciales y realizar cambios de configuraci\u00f3n en el dispositivo afectado"
    }
  ],
  "id": "CVE-2021-1601",
  "lastModified": "2024-11-21T05:44:43.103",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.5,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-22T16:15:08.487",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-22 16:15
Modified
2024-11-21 05:44
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
References
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSxPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSxPatch, Vendor Advisory
Impacted products
Vendor Product Version
cisco intersight_virtual_appliance *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF59A67B-EB2B-4F3E-AA09-DE41565182C6",
              "versionEndExcluding": "1.0.9-292",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en la interfaz de administraci\u00f3n basada en la web de Cisco Intersight Virtual Appliance podr\u00edan permitir a un atacante remoto autenticado realizar un ataque de salto de ruta o de inyecci\u00f3n de comandos en un sistema afectado. Estas vulnerabilidades son debido a una comprobaci\u00f3n de entradas insuficiente. Un atacante podr\u00eda explotar estas vulnerabilidades al usar la interfaz de administraci\u00f3n basada en la web para realizar una o ambas de las siguientes acciones: Ejecutar un comando usando una entrada dise\u00f1ada. Cargar un archivo que ha sido alterado usando t\u00e9cnicas de salto de ruta. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante leer y escribir archivos arbitrarios o ejecutar comandos arbitrarios como root en un sistema afectado. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso"
    }
  ],
  "id": "CVE-2021-1618",
  "lastModified": "2024-11-21T05:44:45.087",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-22T16:15:08.980",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-36"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-12-10 10:15
Modified
2024-11-21 06:30
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
References
security@apache.orghttp://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.htmlThird Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.htmlExploit, Third Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.htmlThird Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.htmlThird Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.htmlThird Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.htmlThird Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.htmlExploit, Third Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.htmlExploit, Third Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.htmlThird Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
security@apache.orghttp://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
security@apache.orghttp://seclists.org/fulldisclosure/2022/Dec/2Exploit, Mailing List, Third Party Advisory
security@apache.orghttp://seclists.org/fulldisclosure/2022/Jul/11Mailing List, Third Party Advisory
security@apache.orghttp://seclists.org/fulldisclosure/2022/Mar/23Mailing List, Third Party Advisory
security@apache.orghttp://www.openwall.com/lists/oss-security/2021/12/10/1Mailing List, Mitigation, Third Party Advisory
security@apache.orghttp://www.openwall.com/lists/oss-security/2021/12/10/2Mailing List, Mitigation, Third Party Advisory
security@apache.orghttp://www.openwall.com/lists/oss-security/2021/12/10/3Mailing List, Third Party Advisory
security@apache.orghttp://www.openwall.com/lists/oss-security/2021/12/13/1Mailing List, Third Party Advisory
security@apache.orghttp://www.openwall.com/lists/oss-security/2021/12/13/2Mailing List, Third Party Advisory
security@apache.orghttp://www.openwall.com/lists/oss-security/2021/12/14/4Mailing List, Third Party Advisory
security@apache.orghttp://www.openwall.com/lists/oss-security/2021/12/15/3Mailing List, Third Party Advisory
security@apache.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdfThird Party Advisory
security@apache.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdfThird Party Advisory
security@apache.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfThird Party Advisory
security@apache.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdfThird Party Advisory
security@apache.orghttps://github.com/cisagov/log4j-affected-dbThird Party Advisory
security@apache.orghttps://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.mdBroken Link, Product, US Government Resource
security@apache.orghttps://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228Exploit, Third Party Advisory
security@apache.orghttps://lists.debian.org/debian-lts-announce/2021/12/msg00007.htmlMailing List, Third Party Advisory
security@apache.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/Release Notes
security@apache.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/Release Notes
security@apache.orghttps://logging.apache.org/log4j/2.x/security.htmlRelease Notes, Vendor Advisory
security@apache.orghttps://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/Patch, Third Party Advisory, Vendor Advisory
security@apache.orghttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032Third Party Advisory
security@apache.orghttps://security.netapp.com/advisory/ntap-20211210-0007/Third Party Advisory
security@apache.orghttps://support.apple.com/kb/HT213189Third Party Advisory
security@apache.orghttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdThird Party Advisory
security@apache.orghttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdThird Party Advisory
security@apache.orghttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdThird Party Advisory
security@apache.orghttps://twitter.com/kurtseifried/status/1469345530182455296Broken Link, Exploit, Third Party Advisory
security@apache.orghttps://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001Third Party Advisory
security@apache.orghttps://www.debian.org/security/2021/dsa-5020Mailing List, Third Party Advisory
security@apache.orghttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.htmlThird Party Advisory
security@apache.orghttps://www.kb.cert.org/vuls/id/930724Third Party Advisory, US Government Resource
security@apache.orghttps://www.nu11secur1ty.com/2021/12/cve-2021-44228.htmlExploit, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/alert-cve-2021-44228.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Dec/2Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Jul/11Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Mar/23Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/12/10/1Mailing List, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/12/10/2Mailing List, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/12/10/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/12/13/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/12/13/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/12/14/4Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/12/15/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/cisagov/log4j-affected-dbThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.mdBroken Link, Product, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/12/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/Release Notes
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/Release Notes
af854a3a-2127-422b-91ae-364da2661108https://logging.apache.org/log4j/2.x/security.htmlRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20211210-0007/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT213189Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://twitter.com/kurtseifried/status/1469345530182455296Broken Link, Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-5020Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/930724Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.nu11secur1ty.com/2021/12/cve-2021-44228.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/alert-cve-2021-44228.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache log4j *
apache log4j *
apache log4j *
apache log4j 2.0
apache log4j 2.0
apache log4j 2.0
apache log4j 2.0
siemens sppa-t3000_ses3000_firmware *
siemens sppa-t3000_ses3000 -
siemens captial *
siemens captial 2019.1
siemens captial 2019.1
siemens comos *
siemens desigo_cc_advanced_reports 4.0
siemens desigo_cc_advanced_reports 4.1
siemens desigo_cc_advanced_reports 4.2
siemens desigo_cc_advanced_reports 5.0
siemens desigo_cc_advanced_reports 5.1
siemens desigo_cc_info_center 5.0
siemens desigo_cc_info_center 5.1
siemens e-car_operation_center *
siemens energy_engage 3.1
siemens energyip 8.5
siemens energyip 8.6
siemens energyip 8.7
siemens energyip 9.0
siemens energyip_prepay 3.7
siemens energyip_prepay 3.8
siemens gma-manager *
siemens head-end_system_universal_device_integration_system *
siemens industrial_edge_management *
siemens industrial_edge_management_hub *
siemens logo\!_soft_comfort *
siemens mendix *
siemens mindsphere *
siemens navigator *
siemens nx *
siemens opcenter_intelligence *
siemens operation_scheduler *
siemens sentron_powermanager 4.1
siemens sentron_powermanager 4.2
siemens siguard_dsa 4.2
siemens siguard_dsa 4.3
siemens siguard_dsa 4.4
siemens sipass_integrated 2.80
siemens sipass_integrated 2.85
siemens siveillance_command *
siemens siveillance_control_pro *
siemens siveillance_identity 1.5
siemens siveillance_identity 1.6
siemens siveillance_vantage *
siemens siveillance_viewpoint *
siemens solid_edge_cam_pro *
siemens solid_edge_harness_design *
siemens solid_edge_harness_design 2020
siemens solid_edge_harness_design 2020
siemens solid_edge_harness_design 2020
siemens spectrum_power_4 *
siemens spectrum_power_4 4.70
siemens spectrum_power_4 4.70
siemens spectrum_power_4 4.70
siemens spectrum_power_7 *
siemens spectrum_power_7 2.30
siemens spectrum_power_7 2.30
siemens spectrum_power_7 2.30
siemens teamcenter *
siemens vesys *
siemens vesys 2019.1
siemens vesys 2019.1
siemens vesys 2019.1
siemens xpedition_enterprise -
siemens xpedition_package_integrator -
intel audio_development_kit -
intel computer_vision_annotation_tool -
intel data_center_manager *
intel genomics_kernel_library -
intel oneapi_sample_browser -
intel secure_device_onboard -
intel sensor_solution_firmware_development_kit -
intel system_debugger -
intel system_studio -
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
fedoraproject fedora 34
fedoraproject fedora 35
sonicwall email_security *
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp cloud_insights -
netapp cloud_manager -
netapp cloud_secure_agent -
netapp oncommand_insight -
netapp ontap_tools -
netapp snapcenter -
cisco advanced_malware_protection_virtual_private_cloud_appliance *
cisco automated_subsea_tuning *
cisco broadworks *
cisco business_process_automation *
cisco business_process_automation *
cisco business_process_automation *
cisco cloud_connect *
cisco cloudcenter *
cisco cloudcenter_cost_optimizer *
cisco cloudcenter_suite_admin *
cisco cloudcenter_workload_manager *
cisco common_services_platform_collector *
cisco common_services_platform_collector *
cisco connected_mobile_experiences -
cisco contact_center_domain_manager *
cisco contact_center_management_portal *
cisco crosswork_data_gateway *
cisco crosswork_data_gateway 3.0.0
cisco crosswork_network_controller *
cisco crosswork_network_controller 3.0.0
cisco crosswork_optimization_engine *
cisco crosswork_optimization_engine 3.0.0
cisco crosswork_platform_infrastructure *
cisco crosswork_platform_infrastructure 4.1.0
cisco crosswork_zero_touch_provisioning *
cisco crosswork_zero_touch_provisioning 3.0.0
cisco customer_experience_cloud_agent *
cisco cyber_vision_sensor_management_extension *
cisco data_center_network_manager *
cisco data_center_network_manager 11.3\(1\)
cisco dna_center *
cisco dna_center *
cisco dna_center *
cisco dna_spaces\ _connector
cisco emergency_responder *
cisco enterprise_chat_and_email *
cisco evolved_programmable_network_manager *
cisco finesse *
cisco finesse 12.6\(1\)
cisco fog_director -
cisco identity_services_engine *
cisco identity_services_engine 2.4.0
cisco integrated_management_controller_supervisor *
cisco intersight_virtual_appliance *
cisco iot_operations_dashboard -
cisco network_assurance_engine *
cisco network_services_orchestrator *
cisco network_services_orchestrator *
cisco network_services_orchestrator *
cisco network_services_orchestrator *
cisco nexus_dashboard *
cisco nexus_insights *
cisco optical_network_controller *
cisco packaged_contact_center_enterprise *
cisco packaged_contact_center_enterprise 11.6\(1\)
cisco paging_server *
cisco prime_service_catalog *
cisco sd-wan_vmanage *
cisco sd-wan_vmanage *
cisco sd-wan_vmanage *
cisco sd-wan_vmanage *
cisco smart_phy *
cisco ucs_central *
cisco ucs_director *
cisco unified_communications_manager *
cisco unified_communications_manager *
cisco unified_communications_manager 11.5\(1\)
cisco unified_communications_manager 11.5\(1\)
cisco unified_communications_manager 11.5\(1\)
cisco unified_communications_manager 11.5\(1\)su3
cisco unified_communications_manager_im_and_presence_service *
cisco unified_communications_manager_im_and_presence_service 11.5\(1\)
cisco unified_contact_center_enterprise *
cisco unified_contact_center_enterprise 11.6\(2\)
cisco unified_contact_center_express *
cisco unified_customer_voice_portal *
cisco unified_customer_voice_portal 11.6
cisco unified_customer_voice_portal 12.0
cisco unified_customer_voice_portal 12.5
cisco unity_connection *
cisco video_surveillance_operations_manager *
cisco virtual_topology_system *
cisco virtualized_infrastructure_manager *
cisco virtualized_infrastructure_manager *
cisco virtualized_voice_browser *
cisco wan_automation_engine *
cisco webex_meetings_server *
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 4.0
cisco webex_meetings_server 4.0
cisco webex_meetings_server 4.0
cisco webex_meetings_server 4.0
cisco workload_optimization_manager *
cisco unified_intelligence_center *
cisco unified_sip_proxy *
cisco unified_workforce_optimization *
cisco firepower_1010 -
cisco firepower_1120 -
cisco firepower_1140 -
cisco firepower_1150 -
cisco firepower_2110 -
cisco firepower_2120 -
cisco firepower_2130 -
cisco firepower_2140 -
cisco firepower_4110 -
cisco firepower_4112 -
cisco firepower_4115 -
cisco firepower_4120 -
cisco firepower_4125 -
cisco firepower_4140 -
cisco firepower_4145 -
cisco firepower_4150 -
cisco firepower_9300 -
cisco fxos 6.2.3
cisco fxos 6.3.0
cisco fxos 6.4.0
cisco fxos 6.5.0
cisco fxos 6.6.0
cisco fxos 6.7.0
cisco fxos 7.0.0
cisco fxos 7.1.0
cisco automated_subsea_tuning 02.01.00
cisco broadworks -
cisco cloudcenter_suite 4.10\(0.15\)
cisco cloudcenter_suite 5.3\(0\)
cisco cloudcenter_suite 5.4\(1\)
cisco cloudcenter_suite 5.5\(0\)
cisco cloudcenter_suite 5.5\(1\)
cisco common_services_platform_collector 002.009\(000.000\)
cisco common_services_platform_collector 002.009\(000.001\)
cisco common_services_platform_collector 002.009\(000.002\)
cisco common_services_platform_collector 002.009\(001.000\)
cisco common_services_platform_collector 002.009\(001.001\)
cisco common_services_platform_collector 002.009\(001.002\)
cisco common_services_platform_collector 002.010\(000.000\)
cisco connected_analytics_for_network_deployment 006.004.000.003
cisco connected_analytics_for_network_deployment 006.005.000.
cisco connected_analytics_for_network_deployment 006.005.000.000
cisco connected_analytics_for_network_deployment 007.000.001
cisco connected_analytics_for_network_deployment 007.001.000
cisco connected_analytics_for_network_deployment 007.002.000
cisco connected_analytics_for_network_deployment 7.3
cisco connected_analytics_for_network_deployment 007.003.000
cisco connected_analytics_for_network_deployment 007.003.001.001
cisco connected_analytics_for_network_deployment 007.003.003
cisco connected_analytics_for_network_deployment 008.000.000
cisco connected_analytics_for_network_deployment 008.000.000.000.004
cisco crosswork_network_automation -
cisco crosswork_network_automation 2.0.0
cisco crosswork_network_automation 3.0.0
cisco crosswork_network_automation 4.1.0
cisco crosswork_network_automation 4.1.1
cisco cx_cloud_agent 001.012
cisco cyber_vision 4.0.2
cisco cyber_vision_sensor_management_extension 4.0.2
cisco dna_center 2.2.2.8
cisco dna_spaces -
cisco dna_spaces_connector -
cisco emergency_responder 11.5
cisco emergency_responder 11.5\(4.65000.14\)
cisco emergency_responder 11.5\(4.66000.14\)
cisco enterprise_chat_and_email 12.0\(1\)
cisco enterprise_chat_and_email 12.5\(1\)
cisco enterprise_chat_and_email 12.6\(1\)
cisco evolved_programmable_network_manager 3.0
cisco evolved_programmable_network_manager 3.1
cisco evolved_programmable_network_manager 4.0
cisco evolved_programmable_network_manager 4.1
cisco evolved_programmable_network_manager 5.0
cisco evolved_programmable_network_manager 5.1
cisco finesse 12.5\(1\)
cisco finesse 12.5\(1\)
cisco finesse 12.6\(1\)
cisco finesse 12.6\(1\)
cisco finesse 12.6\(1\)
cisco finesse 12.6\(1\)
cisco firepower_threat_defense 6.2.3
cisco firepower_threat_defense 6.3.0
cisco firepower_threat_defense 6.4.0
cisco firepower_threat_defense 6.5.0
cisco firepower_threat_defense 6.6.0
cisco firepower_threat_defense 6.7.0
cisco firepower_threat_defense 7.0.0
cisco firepower_threat_defense 7.1.0
cisco identity_services_engine 002.004\(000.914\)
cisco identity_services_engine 002.006\(000.156\)
cisco identity_services_engine 002.007\(000.356\)
cisco identity_services_engine 003.000\(000.458\)
cisco identity_services_engine 003.001\(000.518\)
cisco identity_services_engine 003.002\(000.116\)
cisco integrated_management_controller_supervisor 002.003\(002.000\)
cisco integrated_management_controller_supervisor 2.3.2.0
cisco intersight_virtual_appliance 1.0.9-343
cisco mobility_services_engine -
cisco network_assurance_engine 6.0\(2.1912\)
cisco network_dashboard_fabric_controller 11.0\(1\)
cisco network_dashboard_fabric_controller 11.1\(1\)
cisco network_dashboard_fabric_controller 11.2\(1\)
cisco network_dashboard_fabric_controller 11.3\(1\)
cisco network_dashboard_fabric_controller 11.4\(1\)
cisco network_dashboard_fabric_controller 11.5\(1\)
cisco network_dashboard_fabric_controller 11.5\(2\)
cisco network_dashboard_fabric_controller 11.5\(3\)
cisco network_insights_for_data_center 6.0\(2.1914\)
cisco network_services_orchestrator -
cisco optical_network_controller 1.1
cisco paging_server 8.3\(1\)
cisco paging_server 8.4\(1\)
cisco paging_server 8.5\(1\)
cisco paging_server 9.0\(1\)
cisco paging_server 9.0\(2\)
cisco paging_server 9.1\(1\)
cisco paging_server 12.5\(2\)
cisco paging_server 14.0\(1\)
cisco prime_service_catalog 12.1
cisco sd-wan_vmanage 20.3
cisco sd-wan_vmanage 20.4
cisco sd-wan_vmanage 20.5
cisco sd-wan_vmanage 20.6
cisco sd-wan_vmanage 20.6.1
cisco sd-wan_vmanage 20.7
cisco sd-wan_vmanage 20.8
cisco smart_phy 3.1.2
cisco smart_phy 3.1.3
cisco smart_phy 3.1.4
cisco smart_phy 3.1.5
cisco smart_phy 3.2.1
cisco smart_phy 21.3
cisco ucs_central_software 2.0
cisco ucs_central_software 2.0\(1a\)
cisco ucs_central_software 2.0\(1b\)
cisco ucs_central_software 2.0\(1c\)
cisco ucs_central_software 2.0\(1d\)
cisco ucs_central_software 2.0\(1e\)
cisco ucs_central_software 2.0\(1f\)
cisco ucs_central_software 2.0\(1g\)
cisco ucs_central_software 2.0\(1h\)
cisco ucs_central_software 2.0\(1k\)
cisco ucs_central_software 2.0\(1l\)
cisco unified_communications_manager 11.5\(1.17900.52\)
cisco unified_communications_manager 11.5\(1.18119.2\)
cisco unified_communications_manager 11.5\(1.18900.97\)
cisco unified_communications_manager 11.5\(1.21900.40\)
cisco unified_communications_manager 11.5\(1.22900.28\)
cisco unified_communications_manager_im_\&_presence_service 11.5\(1\)
cisco unified_communications_manager_im_\&_presence_service 11.5\(1.22900.6\)
cisco unified_computing_system 006.008\(001.000\)
cisco unified_contact_center_enterprise 11.6\(2\)
cisco unified_contact_center_enterprise 12.0\(1\)
cisco unified_contact_center_enterprise 12.5\(1\)
cisco unified_contact_center_enterprise 12.6\(1\)
cisco unified_contact_center_enterprise 12.6\(2\)
cisco unified_contact_center_express 12.5\(1\)
cisco unified_contact_center_express 12.5\(1\)
cisco unified_contact_center_express 12.6\(1\)
cisco unified_contact_center_express 12.6\(2\)
cisco unified_contact_center_management_portal 12.6\(1\)
cisco unified_customer_voice_portal 11.6\(1\)
cisco unified_customer_voice_portal 12.0\(1\)
cisco unified_customer_voice_portal 12.5\(1\)
cisco unified_customer_voice_portal 12.6\(1\)
cisco unified_intelligence_center 12.6\(1\)
cisco unified_intelligence_center 12.6\(1\)
cisco unified_intelligence_center 12.6\(1\)
cisco unified_intelligence_center 12.6\(2\)
cisco unified_sip_proxy 010.000\(000\)
cisco unified_sip_proxy 010.000\(001\)
cisco unified_sip_proxy 010.002\(000\)
cisco unified_sip_proxy 010.002\(001\)
cisco unified_workforce_optimization 11.5\(1\)
cisco unity_connection 11.5
cisco unity_connection 11.5\(1.10000.6\)
cisco video_surveillance_manager 7.14\(1.26\)
cisco video_surveillance_manager 7.14\(2.26\)
cisco video_surveillance_manager 7.14\(3.025\)
cisco video_surveillance_manager 7.14\(4.018\)
cisco virtual_topology_system 2.6.6
cisco wan_automation_engine 7.1.3
cisco wan_automation_engine 7.2.1
cisco wan_automation_engine 7.2.2
cisco wan_automation_engine 7.2.3
cisco wan_automation_engine 7.3
cisco wan_automation_engine 7.4
cisco wan_automation_engine 7.5
cisco wan_automation_engine 7.6
cisco webex_meetings_server 3.0
cisco webex_meetings_server 4.0
snowsoftware snow_commander *
snowsoftware vm_access_proxy *
bentley synchro *
bentley synchro_4d *
percussion rhythmyx *
apple xcode *


To clipboard 

{
  "cisaActionDue": "2021-12-24",
  "cisaExploitAdd": "2021-12-10",
  "cisaRequiredAction": "For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.",
  "cisaVulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FA5E81-F9C0-403E-8A4B-E4284E4E7B72",
              "versionEndExcluding": "2.3.1",
              "versionStartIncluding": "2.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AED3D5EC-DAD5-4E5F-8BBD-B4E3349D84FC",
              "versionEndExcluding": "2.12.2",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31D423D-FC4D-428A-B863-55AF472B80DC",
              "versionEndExcluding": "2.15.0",
              "versionStartIncluding": "2.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "17854E42-7063-4A55-BF2A-4C7074CC2D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "53F32FB2-6970-4975-8BD0-EAE12E9AD03A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B773ED91-1D39-42E6-9C52-D02210DE1A94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EF24312D-1A62-482E-8078-7EC24758B710",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8320869-CBF4-4C92-885C-560C09855BFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "755BA221-33DD-40A2-A517-8574D042C261",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "07856DAA-EDB4-4522-BA16-CD302C9E39EF",
              "versionEndExcluding": "2019.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "F7AD819D-D093-472E-AA47-1A925111E4C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*",
              "matchCriteriaId": "2D07A11A-A3C6-4D44-B2E0-A8358D23947A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61597661-A3B0-4A14-AA6B-C911E0063390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB524B33-68E7-46A2-B5CE-BCD9C3194B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F852C6D-44A0-4CCE-83C7-4501CAD73F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA61161C-C2E7-4852-963E-E2D3DFBFDC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A76AA04A-BB43-4027-895E-D1EACFCDF41B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A6B60F3-327B-49B7-B5E4-F1C60896C9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BCF281E-B0A2-49E2-AEF8-8691BDCE08D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87EFCC4-4BC1-4FEA-BAA4-8FF221838EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B678380B-E95E-4A8B-A49D-D13B62AA454E",
              "versionEndExcluding": "2021-12-13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4557476B-0157-44C2-BB50-299E7C7E1E72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "991B2959-5AA3-4B68-A05A-42D9860FAA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E5948A0-CA31-41DF-85B6-1E6D09E5720B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C08D302-EEAC-45AA-9943-3A5F09E29FAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53BA68C-B653-4507-9A2F-177CF456960F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F0C3D5E-579F-42C6-9D8C-37969A1D17D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C16C460-9482-4A22-92AC-1AE0E87D7F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E180527-5C36-4158-B017-5BEDC0412FD6",
              "versionEndExcluding": "8.6.2j-398",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFDADA98-1CD0-45DA-9082-BFC383F7DB97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33D707F-100E-4DE7-A05B-42467DE75EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD3EAC80-44BE-41D2-8D57-0EE3DBA1E1B1",
              "versionEndExcluding": "2021-12-13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AC8AB52-F4F4-440D-84F5-2776BFE1957A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AF6D774-AC8C-49CA-A00B-A2740CA8FA91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6423B1A7-F09F-421A-A0AC-3059CB89B110",
              "versionEndExcluding": "2021-12-11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C6A61B-2198-4B9E-8BCF-824643C81EC3",
              "versionEndExcluding": "2021-12-13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEE2F7A1-8281-48F1-8BFB-4FE0D7E1AEF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C74B9880-FFF9-48CA-974F-54FB80F30D2D",
              "versionEndIncluding": "3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74D1F4AD-9A60-4432-864F-4505B3C60659",
              "versionEndIncluding": "1.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ABA5332-8D1E-4129-A557-FCECBAC12827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C3AA865-5570-4C8B-99DE-431AD7B163F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E03FB6-37F9-4559-8C86-F203D6782920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "90439591-BA01-4007-A2B6-B316548D4595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1F3B8B4-4D1B-4913-BD5F-1A04B47F829A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "83E77D85-0AE8-41D6-AC0C-983A8B73C831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B28A44-3708-480D-9D6D-DDF8C21A15EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC0A575-F771-4B44-A0C6-6A5FD98E5134",
              "versionEndIncluding": "4.16.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D6B61-1F17-4008-9DFB-EF419777768E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9772EE3F-FFC5-4611-AD9A-8AD8304291BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF524892-278F-4373-A8A3-02A30FA1AFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F30DE588-9479-46AA-8346-EA433EE83A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4941EAD6-8759-4C72-ABA6-259C0E838216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF2708F-0BD9-41BF-8CB1-4D06C4EFB777",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0762031C-DFF1-4962-AE05-0778B27324B9",
              "versionEndExcluding": "2020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*",
              "matchCriteriaId": "96271088-1D1B-4378-8ABF-11DAB3BB4DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*",
              "matchCriteriaId": "2595AD24-2DF2-4080-B780-BC03F810B9A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*",
              "matchCriteriaId": "88096F08-F261-4E3E-9EEB-2AB0225CD6F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "044994F7-8127-4F03-AA1A-B2AB41D68AF5",
              "versionEndExcluding": "4.70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*",
              "matchCriteriaId": "A6CB3A8D-9577-41FB-8AC4-0DF8DE6A519C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "17B7C211-6339-4AF2-9564-94C7DE52EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "DBCCBBBA-9A4F-4354-91EE-10A1460BBA3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12F81F6B-E455-4367-ADA4-8A5EC7F4754A",
              "versionEndExcluding": "2.30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5EF509E-3799-4718-B361-EFCBA17AEEF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*",
              "matchCriteriaId": "8CA31645-29FC-4432-9BFC-C98A808DB8CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BB424991-0B18-4FFC-965F-FCF4275F56C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B209EFE-77F2-48CD-A880-ABA0A0A81AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72D238AB-4A1F-458D-897E-2C93DCD7BA6C",
              "versionEndExcluding": "2019.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9778339A-EA93-4D18-9A03-4EB4CBD25459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "1747F127-AB45-4325-B9A1-F3D12E69FFC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*",
              "matchCriteriaId": "18BBEF7C-F686-4129-8EE9-0F285CE38845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD525494-2807-48EA-AED0-11B9CB5A6A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EDCBF98-A857-48BC-B04D-6F36A1975AA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "099344DD-8AEE-49A0-88A8-691A8A1E651F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A06BF8-E4DC-4389-8A91-8AC7598E0009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8555F365-2BFD-4A0A-A7D0-1459241758B3",
              "versionEndExcluding": "5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18989EBC-E1FB-473B-83E0-48C8896C2E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:oneapi_sample_browser:-:*:*:*:*:eclipse:*:*",
              "matchCriteriaId": "EDE66B6C-25E5-49AE-B35F-582130502222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22BEE177-D117-478C-8EAD-9606DEDF9FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F021E2E7-0D8F-4336-82A6-77E521347C4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F66B0A2-22C0-41D5-B866-1764DEC12CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC619106-991C-413A-809D-C2410EBA4CDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5BAA8A5-74B3-48EB-8287-302927197A4E",
              "versionEndExcluding": "10.0.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
              "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "F3A48D58-4291-4D3C-9CEA-BF12183468A7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E52AF19-0158-451B-8E36-02CB6406083F",
              "versionEndExcluding": "3.5.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:automated_subsea_tuning:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB21CFB4-4492-4C5D-BD07-FFBE8B5D92B6",
              "versionEndExcluding": "2.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:broadworks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97426511-9B48-46F5-AC5C-F9781F1BAE2F",
              "versionEndExcluding": "2021.11_1.162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82306B9F-AE97-4E29-A8F7-2E5BA52998A7",
              "versionEndExcluding": "3.0.000.115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C903C85-DC0F-47D8-B8BE-7A666877B017",
              "versionEndExcluding": "3.1.000.044",
              "versionStartIncluding": "3.1.000.000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4C6F9E0-5DCE-431D-AE7E-B680AC1F9332",
              "versionEndExcluding": "3.2.000.009",
              "versionStartIncluding": "3.2.000.000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloud_connect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52CF6199-8028-4076-952B-855984F30129",
              "versionEndExcluding": "12.6\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "622BB8D9-AC81-4C0F-A5C5-C5E51F0BC0D1",
              "versionEndExcluding": "4.10.0.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_cost_optimizer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "38FB3CE1-5F62-4798-A825-4E3DB07E868F",
              "versionEndExcluding": "5.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_suite_admin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29CDB878-B085-448E-AB84-25B1E2D024F8",
              "versionEndExcluding": "5.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_workload_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C25FDA96-9490-431F-B8B6-CC2CC272670E",
              "versionEndExcluding": "5.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CD9E4C-9385-435C-AD18-6C36C8DF7B65",
              "versionEndExcluding": "2.9.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0AC4C1-CB06-4084-BFBB-5B702C384C53",
              "versionEndExcluding": "2.10.0.1",
              "versionStartIncluding": "2.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3871EBD2-F270-435A-B98C-A282E1C52693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:contact_center_domain_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D4DF34B-E8C2-41C8-90E2-D119B50E4E7E",
              "versionEndExcluding": "12.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:contact_center_management_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8EF64DA-73E4-4E5E-8F9A-B837C947722E",
              "versionEndExcluding": "12.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66E1E4FC-0B6E-4CFA-B003-91912F8785B2",
              "versionEndExcluding": "2.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2390C3-C319-4F05-8CF0-0D30F9931507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C154491E-06C7-48B0-AC1D-89BBDBDB902E",
              "versionEndExcluding": "2.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E98EC48-0CED-4E02-9CCB-06EF751F2BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_optimization_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C569DC2A-CFF6-4E13-A50C-E215A4F96D99",
              "versionEndExcluding": "2.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "258A51AC-6649-4F67-A842-48A7AE4DCEE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_platform_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC22505-DE11-4A1B-8C06-1E306419B031",
              "versionEndExcluding": "4.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E31AC54-B928-48B5-8293-F5F4A7A8C293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B8AE870-6FD0-40D2-958B-548E2D7A7B75",
              "versionEndExcluding": "2.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68E7D83B-B6AC-45B1-89A4-D18D7A6018DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:customer_experience_cloud_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17660B09-47AA-42A2-B5FF-8EBD8091C661",
              "versionEndExcluding": "1.12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9A82-16AE-437A-B8CF-CC7E9B6C4E44",
              "versionEndExcluding": "4.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "843147AE-8117-4FE9-AE74-4E1646D55642",
              "versionEndExcluding": "11.3\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:data_center_network_manager:11.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7EB871C9-CA14-4829-AED3-CC2B35E99E92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FF8A83D-A282-4661-B133-213A8838FB27",
              "versionEndExcluding": "2.1.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "139CDAA5-63E9-4E56-AF72-745BD88E4B49",
              "versionEndExcluding": "2.2.2.8",
              "versionStartIncluding": "2.2.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01FD99C4-BCB1-417E-ADCE-73314AD2E857",
              "versionEndExcluding": "2.2.3.4",
              "versionStartIncluding": "2.2.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:dna_spaces\\:_connector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9031BE8A-646A-4581-BDE5-750FB0CE04CB",
              "versionEndExcluding": "2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15BED3E2-46FF-4E58-8C5D-4D8FE5B0E527",
              "versionEndExcluding": "11.5\\(4\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C950436-2372-4C4B-9B56-9CB48D843045",
              "versionEndExcluding": "12.0\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B61F186-D943-4711-B3E0-875BB570B142",
              "versionEndIncluding": "4.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A285C40-170D-4C95-8031-2C6E4D5FB1D4",
              "versionEndExcluding": "12.6\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3C0F02B5-AA2A-48B2-AE43-38B45532C563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:fog_director:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "830BDB28-963F-46C3-8D50-638FDABE7F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54553C65-6BFA-40B1-958D-A4E3289D6B1D",
              "versionEndExcluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "439948AD-C95D-4FC3-ADD1-C3D241529F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C2002AE-0F3C-4A06-9B9A-F77A9F700EB2",
              "versionEndExcluding": "2.3.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "596A986D-E7DC-4FC4-A776-6FE87A91D7E4",
              "versionEndExcluding": "1.0.9-361",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:iot_operations_dashboard:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD93434E-8E75-469C-B12B-7E2B6EDCAA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_assurance_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78684844-4974-41AD-BBC1-961F60025CD2",
              "versionEndExcluding": "6.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A00D235-FC9C-4EB7-A16C-BB0B09802E61",
              "versionEndExcluding": "5.3.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C60FDD1B-898E-4FCB-BDE2-45A7CBDBAF4F",
              "versionEndExcluding": "5.4.5.2",
              "versionStartIncluding": "5.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A33E5F-BBC7-4917-9C63-900248B546D9",
              "versionEndExcluding": "5.5.4.1",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D98A7C-4992-4E58-A6BD-3D8173C8F2B0",
              "versionEndExcluding": "5.6.3.1",
              "versionStartIncluding": "5.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2DDC1AF-31B5-4F05-B84F-8FD23BE163DA",
              "versionEndExcluding": "2.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:nexus_insights:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4540CF6-D33E-4D33-8608-11129D6591FA",
              "versionEndExcluding": "6.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:optical_network_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "129A7615-99E7-41F8-8EBC-CEDA10AD89AD",
              "versionEndExcluding": "1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F46A7AC-C133-442D-984B-BA278951D0BF",
              "versionEndExcluding": "11.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A1A75AB6-C3A7-4299-B35A-46A4BCD00816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A73E888-C8C2-4AFD-BA60-566D45214BCA",
              "versionEndExcluding": "14.4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_service_catalog:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B0D0FD0-ABC6-465F-AB8D-FA8788B1B2DD",
              "versionEndExcluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D673F6F7-C42A-4538-96F0-34CB4F0CB080",
              "versionEndExcluding": "20.3.4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD374819-3CED-4260-90B6-E3C1333EAAD2",
              "versionEndExcluding": "20.4.2.1",
              "versionStartIncluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D89973-94AF-4BE7-8245-275F3FEB30F4",
              "versionEndExcluding": "20.5.1.1",
              "versionStartIncluding": "20.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A9A889-2C2B-4147-8108-C35291761C15",
              "versionEndExcluding": "20.6.2.1",
              "versionStartIncluding": "20.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0EEA1EC-C63C-4C7D-BFAE-BA4556332242",
              "versionEndExcluding": "3.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE22D97-42FA-4179-99E5-C2EE582DB7FF",
              "versionEndExcluding": "2.0\\(1p\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6B5DB6D-9E7D-4403-8028-D7DA7493716B",
              "versionEndExcluding": "6.8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "B98D7AD5-0590-43FB-8AC0-376C9C500C15",
              "versionEndExcluding": "11.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "D9DA1900-9972-4DFD-BE2E-74DABA1ED9A9",
              "versionEndExcluding": "11.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "42A41C41-A370-4C0E-A49D-AD42B2F3FB5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*",
              "matchCriteriaId": "7E958AFF-185D-4D55-B74B-485BEAEC42FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*",
              "matchCriteriaId": "F770709C-FFB2-4A4E-A2D8-2EAA23F2E87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85B81F9-8837-426E-8639-AB0712CD1A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CCCD27-A247-4720-A2FE-C8ED55D1D0DE",
              "versionEndExcluding": "11.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "34D89C42-AAD9-4B04-9F95-F77681E39553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "897C8893-B0B6-4D6E-8D70-31B421D80B9A",
              "versionEndExcluding": "11.6\\(2\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "91D62A73-21B5-4D16-A07A-69AED2D40CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0492049-D3AC-4512-A4BF-C9C26DA72CB0",
              "versionEndExcluding": "12.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3868A8AA-6660-4332-AB0C-089C150D00E7",
              "versionEndExcluding": "11.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58BD72D6-4A79-49C9-9652-AB0136A591FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32761FD-B435-4E51-807C-2B245857F90E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "154F7F71-53C5-441C-8F5C-0A82CB0DEC43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FD3873-2663-4C49-878F-7C65D4B8E455",
              "versionEndExcluding": "11.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:video_surveillance_operations_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0886FB04-24AA-4995-BA53-1E44F94E114E",
              "versionEndExcluding": "7.14.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61805C1-1F73-462C-A9CA-BB0CA4E57D0B",
              "versionEndExcluding": "2.6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB39834-0F6D-4BD7-AFEC-DD8BEE46DA50",
              "versionEndExcluding": "3.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B78DD21-15F2-47A4-8A99-6DB6756920AC",
              "versionEndExcluding": "3.4.4",
              "versionStartIncluding": "3.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C6222EB-36E1-4CD5-BD69-5A921ED5DA6A",
              "versionEndExcluding": "12.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C200CABD-F91B-49C4-A262-C56370E44B4C",
              "versionEndExcluding": "7.3.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE22BE9B-374E-43DC-BA91-E3B9699A4C7C",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "61D1081F-87E8-4E8B-BEBD-0F239E745586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "8D138973-02B0-4FEC-A646-FF1278DA1EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "30B55A5B-8C5E-4ECB-9C85-A8A3A3030850",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "14DBEC10-0641-441C-BE15-8F72C1762DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:*:*:*:*:*",
              "matchCriteriaId": "205C1ABA-2A4F-480F-9768-7E3EC43B03F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4:*:*:*:*:*:*",
              "matchCriteriaId": "D36FE453-C43F-448B-8A59-668DE95468C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5:*:*:*:*:*:*",
              "matchCriteriaId": "E8DF0944-365F-4149-9059-BDFD6B131DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2:*:*:*:*:*:*",
              "matchCriteriaId": "6B37AA08-13C7-4FD0-8402-E344A270C8F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3:*:*:*:*:*:*",
              "matchCriteriaId": "2AA56735-5A5E-4D8C-B09D-DBDAC2B5C8E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:*:*:*:*:*:*",
              "matchCriteriaId": "4646849B-8190-4798-833C-F367E28C1881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4D6CF856-093A-4E89-A71D-50A2887C265B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "B36A9043-0621-43CD-BFCD-66529F937859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "8842B42E-C412-4356-9F54-DFC53B683D3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "D25BC647-C569-46E5-AD45-7E315EBEB784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:workload_optimization_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B468EDA1-CDEF-44D4-9D62-C433CF27F631",
              "versionEndExcluding": "3.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C90C6CD1-4678-4621-866B-F0CE819C8000",
              "versionEndExcluding": "12.6\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_sip_proxy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E4905E2-2129-469C-8BBD-EDA258815E2B",
              "versionEndExcluding": "10.2.1v2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_workforce_optimization:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC86AC6C-7C08-4EB9-A588-A034113E4BB1",
              "versionEndExcluding": "11.5\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFE3880-4B85-4E23-9836-70875D5109F7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "727A02E8-40A1-4DFE-A3A2-91D628D3044F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F6546E-28F4-40DC-97D6-E0E023FE939B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "957D64EB-D60E-4775-B9A8-B21CA48ED3B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A694AD51-9008-4AE6-8240-98B17AB527EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38AE6DC0-2B03-4D36-9856-42530312CC46",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71DCEF22-ED20-4330-8502-EC2DD4C9838F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DB2822B-B752-4CD9-A178-934957E306B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F4868A-6D62-479C-9C19-F9AABDBB6B24",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65378F3A-777C-4AE2-87FB-1E7402F9EA1B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07DAFDDA-718B-4B69-A524-B0CEB80FE960",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:fxos:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "82C8AD48-0130-4C20-ADEC-697668E2293B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:fxos:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E75EF7C-8D71-4D70-91F0-74FC99A90CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:fxos:6.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB7EE7D-8CB4-4804-9F9D-F235608E86E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:fxos:6.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77571973-2A94-4E15-AC5B-155679C3C565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:fxos:6.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA405A50-3F31-48ED-9AF1-4B02F5B367DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:fxos:6.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3753953-04E8-4382-A6EC-CD334DD83CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:fxos:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A5F89F-1296-4A0F-A36D-082A481F190F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:fxos:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F50F48AF-44FF-425C-9685-E386F956C901",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D28E76-56D4-4C9A-A660-7CD7E0A1AC9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:broadworks:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD975A0E-00A6-475E-9064-1D64E4291499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_suite:4.10\\(0.15\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2E50AC21-DA54-4BC8-A503-1935FD1714C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_suite:5.3\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4D05E169-4AF1-4127-A917-056EC2CE781B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_suite:5.4\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD415A2-422E-4F15-A177-C3696FEAFF0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "134443B7-7BA8-4B50-8874-D4BF931BECFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "73ADF6EA-CD29-4835-8D72-84241D513AFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.000\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC1A386-04C7-45B2-A883-1CD9AB60C14B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.001\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3F0F1639-D69E-473A-8926-827CCF73ACC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.002\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F4FDF900-E9D6-454A-BF6B-821620CA59F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.000\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1859BD43-BA2B-45A5-B523-C6BFD34C7B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.001\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1EBC145C-9A2F-4B76-953E-0F690314511C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.002\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "158B7A53-FEC1-4B42-A1E2-E83E99564B07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.010\\(000.000\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3A378971-1A08-4914-B012-8E24DCDEFC68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CC012-DC85-481A-B82A-9323C19674DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:*:*:*:*:*:*:*",
              "matchCriteriaId": "76CF59ED-685D-46CD-80A2-AEDA4F03FE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "960B07C0-E205-47E7-B578-46A0AF559D04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1A194E1-405E-47FA-8CDF-58EB78883ACC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E628231-61FB-40AF-A20B-00F5CB78E63B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EA25E92-2C76-4722-BA06-53F33C0D961C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D2940A-0D03-415B-B72E-1F6862DDAC41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B346ADC-00BE-4409-B658-A11351D2A7D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A0E44A9-C427-493B-868A-8A8DA405E759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2B31E7C-0EB3-4996-8859-DF94A3EE20B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EAB3E03-275F-4942-9396-FC7A22F42C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:*:*:*:*:*:*:*",
              "matchCriteriaId": "19DAD751-D170-4914-BAB2-6054DFEEF404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_network_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F429F37-3576-4D8A-9901-359D65EC3CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F526DEF1-4A3E-4FE1-8153-E9252DAE5B92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C19679D0-F4DC-4130-AFFD-692E5130531A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60D2FBF3-D8AB-41F0-B170-9E56FBF7E2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F60324DD-8450-4B14-A7A1-0D5EA5163580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cx_cloud_agent:001.012:*:*:*:*:*:*:*",
              "matchCriteriaId": "12F6DFD1-273B-4292-A22C-F2BE0DD3FB3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EA024C-97A4-4D33-BC3E-51DB77C51E76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "85289E35-C7C2-46D0-9BDC-10648DD2C86F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:dna_center:2.2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "17282822-C082-4FBC-B46D-468DCF8EF6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:dna_spaces:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5463DA6-5D44-4C32-B46C-E8A2ADD7646B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:dna_spaces_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54A237CF-A439-4114-AF81-D75582F29573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37D19BF-E4F5-4AF4-8942-0C3B62C4BF2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.65000.14\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EF25688B-6659-4C7C-866D-79AA1166AD7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.66000.14\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "47B70741-90D9-4676-BF16-8A21E147F532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "ED862A1B-E558-4D44-839C-270488E735BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2678AF98-1194-4810-9933-5BA50E409F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "37E7DEBD-9E47-4D08-86BC-D1B013450A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A935862-18F7-45FE-B647-1A9BA454E304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69594997-2568-4C10-A411-69A50BFD175F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC39E2D-C47B-4311-BC7B-130D432549F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5E6CBE-D82C-4001-87CB-73DF526F0AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "460E6456-0E51-45BC-868E-DEEA5E3CD366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7F58659-A318-42A0-83C5-8F09FCD78982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su1:*:*:*:*:*:*",
              "matchCriteriaId": "D8A49E46-8501-4697-A17A-249A7D9F5A0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su2:*:*:*:*:*:*",
              "matchCriteriaId": "5D81E7A9-0C2B-4603-91F0-ABF2380DBBA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "4DFCE723-9359-40C7-BA35-B71BDF8E3CF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es01:*:*:*:*:*:*",
              "matchCriteriaId": "28B1524E-FDCA-4570-86DD-CE396271B232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es02:*:*:*:*:*:*",
              "matchCriteriaId": "74DC6F28-BFEF-4D89-93D5-10072DAC39C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es03:*:*:*:*:*:*",
              "matchCriteriaId": "BA1D60D7-1B4A-4EEE-A26C-389D9271E005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D726F07-06F1-4B0A-B010-E607E0C2A280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ED58B0E-FCC7-48E3-A5C0-6CC54A38BAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2DF0B07-8C2A-4341-8AFF-DE7E5E5B3A43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "41E168ED-D664-4749-805E-77644407EAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCD69468-8067-4A5D-B2B0-EC510D889AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F22403-B4EE-4303-9C94-915D3E0AC944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:002.004\\(000.914\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "808F8065-BD3A-4802-83F9-CE132EDB8D34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:002.006\\(000.156\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "B236B13E-93B9-424E-926C-95D3DBC6CA5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:002.007\\(000.356\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "8A63CC83-0A6E-4F33-A1BE-214A33B51518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:003.000\\(000.458\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "37DB7759-6529-46DE-B384-10F060D86A97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:003.001\\(000.518\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "8C640AD9-146E-488A-B166-A6BB940F97D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:003.002\\(000.116\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "DAC1FA7E-CB1B-46E5-A248-ABACECFBD6E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\\(002.000\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7C3BD5AF-9FC1-494B-A676-CC3D4B8EAC8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F477CACA-2AA0-417C-830D-F2D3AE93153A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E3BE5E1-A6B6-46C7-B93B-8A9F5AEA2731",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:mobility_services_engine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04E0BB7B-0716-4DBD-89B9-BA11AAD77C00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_assurance_engine:6.0\\(2.1912\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "64C98A76-0C31-45E7-882B-35AE0D2C5430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "379F8D86-BE87-4250-9E85-494D331A0398",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "71F69E51-E59D-4AE3-B242-D6D2CFDB3F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "578DA613-8E15-4748-A4B7-646415449609",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "544EFAD6-CE2F-4E1D-9A00-043454B72889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2E16DF9C-3B64-4220-82B6-6E20C7807BAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B9CD5B8A-9846-48F1-9495-77081E44CBFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "68E6CD49-6F71-4E17-B046-FBE91CE91CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD8018-7E77-4C89-917E-ACDC678A7DE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_insights_for_data_center:6.0\\(2.1914\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D39156-A47D-405E-8C02-CAE7D637F99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5426FC59-411D-4963-AFEF-5B55F68B8958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:optical_network_controller:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "810E9A92-4302-4396-94D3-3003947DB2A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:8.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "522C36A5-7520-4368-BD92-9AB577756493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:8.4\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CB2EC4BE-FFAF-4605-8A96-2FEF35975540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:8.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CA1D3C2A-E5FA-400C-AC01-27A3E5160477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:9.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "63B27050-997B-4D54-8E5A-CE9E33904318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:9.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5ABF05B8-1B8A-4CCF-A1AD-D8602A247718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:9.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2F74580D-0011-4ED9-9A00-B4CDB6685154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:12.5\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "17A3C22E-1980-49B6-8985-9FA76A77A836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:14.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B1AB42DC-CE58-448A-A6B5-56F31B15F4A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_service_catalog:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DC32B55-0C76-4669-8EAD-DCC16355E887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDA737F-337E-4C30-B68D-EF908A8D6840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DC5A89C-CCCF-49EC-B4FC-AB98ACB79233",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BA4F513-CBA1-4523-978B-D498CEDAE0CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C53C6FD-B98E-4F7E-BA4D-391C90CF9E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D00F6719-2C73-4D8D-8505-B9922E8A4627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFE9210F-39C5-4828-9608-6905C1D378D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1CEDCE4-CFD1-434B-B157-D63329CBA24A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33660EB8-2984-4258-B8AD-141B7065C85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ACA346D-5103-47F0-8BD9-7A8AD9B92E98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38BDF03-23C8-4BB6-A44D-68818962E7CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3104C099-FEDA-466B-93CC-D55F058F7CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "890EA1C7-5990-4C71-857F-197E6F5B4089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F21CF4-83FE-4529-9871-0FDD70D3095E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9331834-9EAD-46A1-9BD4-F4027E49D0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0E707E44-12CD-46C3-9124-639D0265432E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2FEE8482-DB64-4421-B646-9E5F560D1712",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4385CE6E-6283-4621-BBD9-8E66E2A34843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1d\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9A6CDBD4-889B-442D-B272-C8E9A1B6AEC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FF1E59F9-CF4F-4EFB-872C-5F503A04CCF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1f\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1782219F-0C3D-45B7-80C7-D1DAA70D90B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1g\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DDAB3BAD-1EC6-4101-A58D-42DA48D04D0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1h\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8F7AA674-6BC2-490F-8D8A-F575B11F4BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1k\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6945C4DE-C070-453E-B641-2F5B9CFA3B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1l\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DAB8C7C0-D09B-4232-A88E-57D25AF45457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.17900.52\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "ACEDB7B4-EBD4-4A37-9EE3-07EE3B46BE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18119.2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "820D579C-AA45-4DC1-945A-748FFCD51CA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18900.97\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7B23A9A6-CD04-4D76-BE3F-AFAFBB525F5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.21900.40\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A44E6007-7A3A-4AD3-9A65-246C59B73FB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.22900.28\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3D508E51-4075-4E34-BB7C-65AF9D56B49F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_\\\u0026_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "376D06D5-D68E-4FF0-97E5-CBA2165A05CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_\\\u0026_presence_service:11.5\\(1.22900.6\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "18ED6B8F-2064-4BBA-A78D-4408F13C724D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_computing_system:006.008\\(001.000\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "94091FE3-AB88-4CF5-8C4C-77B349E716A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "91D62A73-21B5-4D16-A07A-69AED2D40CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "53F1314A-9A2C-43DC-8203-E4654EF013CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0ADE468B-8F0C-490D-BB4C-358D947BA8E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "32FEE78D-309E-491D-9AB6-98005F1CBF49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "878D9901-675D-4444-B094-0BA505E7433F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "66E25EE4-AB7B-42BF-A703-0C2E83E83577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):su1:*:*:*:*:*:*",
              "matchCriteriaId": "D8F35520-F04A-4863-A1BC-0EDD2D1804F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EF9855FD-7747-4D9E-9542-703B1EC9A382",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E07AF386-D8A5-44F5-A418-940C9F88A36A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "113C77DA-AC22-4D67-9812-8510EFC0A95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE221AB-A3B0-4CFF-9BC0-777773C2EF63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "15941265-1E7E-4C3E-AF1D-027C5E0D3141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "54AA2B0C-92A1-4B53-88D7-6E31120F5041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F9BD7207-85FB-4484-8720-4D11F296AC10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "62E009C4-BE3E-4A14-91EF-8F667B2220A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es01:*:*:*:*:*:*",
              "matchCriteriaId": "088512E1-434D-4685-992E-192A98ECAD9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es02:*:*:*:*:*:*",
              "matchCriteriaId": "50A7BBC6-077C-4182-AA7A-577C4AAC3CD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(2\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "E0536F45-3A49-4F93-942E-AF679DFC7017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(000\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3D54794B-6CD5-46D7-B9E9-62A642143562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(001\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BE844DCA-FF52-43F5-BDD9-836A812A8CFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(000\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "07B261EB-CA63-4796-BD15-A6770FD68B34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(001\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "29F9067A-B86C-4A6B-ACB7-DB125E04B795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_workforce_optimization:11.5\\(1\\):sr7:*:*:*:*:*:*",
              "matchCriteriaId": "FAC4CC92-8BA0-4D96-9C48-5E311CDED53F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F2437A5-217A-4CD1-9B72-A31BDDC81F42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9C3CFF0D-BD70-4353-AE2F-6C55F8DE56A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(1.26\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE47760-0E71-4FCA-97D1-CF0BB71CAC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(2.26\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "89B2D4F5-CB86-4B25-8C14-CED59E8A3F22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(3.025\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B150B636-6267-4504-940F-DC37ABEFB082",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(4.018\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D00B9911-A7CA-467E-B7A3-3AF31828D5D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:virtual_topology_system:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67C08C3-412F-4B7F-B98C-EEAEE77CBE4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D428C9B-53E1-4D26-BB4D-57FDE02FA613",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB41596-FACF-440A-BB6C-8CAD792EC186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C88EE2-5702-4E8B-A144-CB485435FD62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC62844-C608-4DB1-A1AD-C1B55128C560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF2FFA4-358A-4F33-BC67-A9EF8A30714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C0BBDE-795E-4754-BB96-4D6D4B5A804F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A41E377-16F9-423F-8DC2-F6EDD54E1069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0C2789E-255B-45D9-9469-B5B549A01F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFAFEC61-2128-4BFA-992D-54742BD4911A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F12AF70E-2201-4F5D-A929-A1A057B74252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:snowsoftware:snow_commander:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2CBCDC4-02DF-47F4-A01C-7CBCB2FF0163",
              "versionEndExcluding": "8.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:snowsoftware:vm_access_proxy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42D44C8-9894-4183-969B-B38FDA1FEDF9",
              "versionEndExcluding": "3.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bentley:synchro:*:*:*:*:pro:*:*:*",
              "matchCriteriaId": "8CD3B3D3-CC14-4278-9914-F7C6E86D3119",
              "versionEndExcluding": "6.4.3.2",
              "versionStartIncluding": "6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bentley:synchro_4d:*:*:*:*:pro:*:*:*",
              "matchCriteriaId": "0C5D6BF7-A818-4C7D-A305-91EB622271AC",
              "versionEndExcluding": "6.2.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E0A04D-30BE-4AB3-85A1-13AF614C425C",
              "versionEndIncluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0755E91-2F36-4EC3-8727-E8BF0427E663",
              "versionEndExcluding": "13.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
    },
    {
      "lang": "es",
      "value": "Las caracter\u00edsticas JNDI de Apache Log4j2 2.0-beta9 hasta 2.15.0 (excluyendo las versiones de seguridad 2.12.2, 2.12.3 y 2.3.1) utilizadas en la configuraci\u00f3n, los mensajes de registro y los par\u00e1metros no protegen contra LDAP controlado por un atacante y otros puntos finales relacionados con JNDI. Un atacante que pueda controlar los mensajes de registro o los par\u00e1metros de los mensajes de registro puede ejecutar c\u00f3digo arbitrario cargado desde servidores LDAP cuando la sustituci\u00f3n de la b\u00fasqueda de mensajes est\u00e1 habilitada. A partir de la versi\u00f3n 2.15.0 de log4j, este comportamiento ha sido deshabilitado por defecto. A partir de la versi\u00f3n 2.16.0 (junto con las versiones 2.12.2, 2.12.3 y 2.3.1), esta funcionalidad se ha eliminado por completo. Tenga en cuenta que esta vulnerabilidad es espec\u00edfica de log4j-core y no afecta a log4net, log4cxx u otros proyectos de Apache Logging Services"
    }
  ],
  "id": "CVE-2021-44228",
  "lastModified": "2024-11-21T06:30:38.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-10T10:15:09.143",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/cisagov/log4j-affected-db"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Broken Link",
        "Product",
        "US Government Resource"
      ],
      "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://logging.apache.org/log4j/2.x/security.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213189"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5020"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/930724"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/cisagov/log4j-affected-db"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Product",
        "US Government Resource"
      ],
      "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://logging.apache.org/log4j/2.x/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/930724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-400"
        },
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "security@apache.org",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-917"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

cve-2021-1617
Vulnerability from cvelistv5
Published
2021-07-22 15:20
Modified
2024-11-07 22:05
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSxvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:18:11.132Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210721 Cisco Intersight Virtual Appliance Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1617",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:43:32.040703Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T22:05:43.687Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Intersight Virtual Appliance",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-07-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-22T15:20:22",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210721 Cisco Intersight Virtual Appliance Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ucsi2-dtcinj-yH5U4RSx",
        "defect": [
          [
            "CSCvy29621",
            "CSCvy29622"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Intersight Virtual Appliance Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-07-21T16:00:00",
          "ID": "CVE-2021-1617",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Intersight Virtual Appliance Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Intersight Virtual Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.5",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-36"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210721 Cisco Intersight Virtual Appliance Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ucsi2-dtcinj-yH5U4RSx",
          "defect": [
            [
              "CSCvy29621",
              "CSCvy29622"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1617",
    "datePublished": "2021-07-22T15:20:22.389518Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-07T22:05:43.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-44228
Vulnerability from cvelistv5
Published
2021-12-10 00:00
Modified
2024-08-04 04:17
Severity ?
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
References
https://logging.apache.org/log4j/2.x/security.html
http://www.openwall.com/lists/oss-security/2021/12/10/1mailing-list
http://www.openwall.com/lists/oss-security/2021/12/10/2mailing-list
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdvendor-advisory
http://www.openwall.com/lists/oss-security/2021/12/10/3mailing-list
https://security.netapp.com/advisory/ntap-20211210-0007/
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
https://www.debian.org/security/2021/dsa-5020vendor-advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.htmlmailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/vendor-advisory
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/vendor-advisory
http://www.openwall.com/lists/oss-security/2021/12/13/2mailing-list
http://www.openwall.com/lists/oss-security/2021/12/13/1mailing-list
http://www.openwall.com/lists/oss-security/2021/12/14/4mailing-list
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdvendor-advisory
https://www.kb.cert.org/vuls/id/930724third-party-advisory
https://twitter.com/kurtseifried/status/1469345530182455296
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdvendor-advisory
http://www.openwall.com/lists/oss-security/2021/12/15/3mailing-list
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/vendor-advisory
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
https://www.oracle.com/security-alerts/cpujan2022.html
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2022/Mar/23mailing-list
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001
https://github.com/cisagov/log4j-affected-db
https://support.apple.com/kb/HT213189
https://www.oracle.com/security-alerts/cpuapr2022.html
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228
https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html
http://seclists.org/fulldisclosure/2022/Jul/11mailing-list
http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html
http://seclists.org/fulldisclosure/2022/Dec/2mailing-list
http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:17:24.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://logging.apache.org/log4j/2.x/security.html"
          },
          {
            "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
          },
          {
            "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
          },
          {
            "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
          },
          {
            "name": "DSA-5020",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5020"
          },
          {
            "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
          },
          {
            "name": "FEDORA-2021-f0f501d01f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
          },
          {
            "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
          },
          {
            "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
          },
          {
            "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
          },
          {
            "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
          },
          {
            "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "name": "VU#930724",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/930724"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
          },
          {
            "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
          },
          {
            "name": "FEDORA-2021-66d6c484f3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
          },
          {
            "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cisagov/log4j-affected-db"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213189"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
          },
          {
            "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
          },
          {
            "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Log4j2",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.3.1",
                  "status": "unaffected"
                },
                {
                  "at": "2.4",
                  "status": "affected"
                },
                {
                  "at": "2.12.2",
                  "status": "unaffected"
                },
                {
                  "at": "2.13.0",
                  "status": "affected"
                },
                {
                  "at": "2.15.0",
                  "status": "unaffected"
                }
              ],
              "lessThan": "log4j-core*",
              "status": "affected",
              "version": "2.0-beta9",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "critical"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-03T00:00:00",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
        },
        {
          "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
        },
        {
          "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
        },
        {
          "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
        },
        {
          "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
        },
        {
          "name": "DSA-5020",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5020"
        },
        {
          "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
        },
        {
          "name": "FEDORA-2021-f0f501d01f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
        },
        {
          "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
        },
        {
          "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
        },
        {
          "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
        },
        {
          "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "name": "VU#930724",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.kb.cert.org/vuls/id/930724"
        },
        {
          "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
        },
        {
          "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
        },
        {
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
        },
        {
          "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
        },
        {
          "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
        },
        {
          "name": "FEDORA-2021-66d6c484f3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
        },
        {
          "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
        },
        {
          "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
        },
        {
          "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
        },
        {
          "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
        },
        {
          "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
        },
        {
          "url": "https://github.com/cisagov/log4j-affected-db"
        },
        {
          "url": "https://support.apple.com/kb/HT213189"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
        },
        {
          "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
        },
        {
          "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
        },
        {
          "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
        },
        {
          "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
        },
        {
          "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-44228",
    "datePublished": "2021-12-10T00:00:00",
    "dateReserved": "2021-11-26T00:00:00",
    "dateUpdated": "2024-08-04T04:17:24.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20237
Vulnerability from cvelistv5
Published
2023-08-16 21:00
Modified
2024-08-02 09:05
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level.
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:35.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-intersight-forward-C45ncgqb",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Intersight Virtual Appliance",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.9-503"
            },
            {
              "status": "affected",
              "version": "1.0.9-536"
            },
            {
              "status": "affected",
              "version": "1.0.9-538"
            },
            {
              "status": "affected",
              "version": "1.0.9-558"
            },
            {
              "status": "affected",
              "version": "1.0.9-561"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible.\r\n\r This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:58:28.408Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-intersight-forward-C45ncgqb",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb"
        }
      ],
      "source": {
        "advisory": "cisco-sa-intersight-forward-C45ncgqb",
        "defects": [
          "CSCwf38029"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20237",
    "datePublished": "2023-08-16T21:00:25.948Z",
    "dateReserved": "2022-10-27T18:47:50.370Z",
    "dateUpdated": "2024-08-02T09:05:35.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1600
Vulnerability from cvelistv5
Published
2021-07-22 15:20
Modified
2024-11-07 22:05
Severity ?
8.3 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Summary
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:18:10.690Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210721 Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1600",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:41:07.869463Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T22:05:23.502Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Intersight Virtual Appliance",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-07-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-22T15:20:39",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210721 Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ucsi2-iptaclbp-L8Dzs8m8",
        "defect": [
          [
            "CSCvx84462",
            "CSCvy29625"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-07-21T16:00:00",
          "ID": "CVE-2021-1600",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Intersight Virtual Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.3",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210721 Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ucsi2-iptaclbp-L8Dzs8m8",
          "defect": [
            [
              "CSCvx84462",
              "CSCvy29625"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1600",
    "datePublished": "2021-07-22T15:20:39.303123Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-07T22:05:23.502Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1601
Vulnerability from cvelistv5
Published
2021-07-22 15:20
Modified
2024-11-07 22:05
Severity ?
8.3 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Summary
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:18:10.797Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210721 Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1601",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:41:09.416636Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T22:05:30.895Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Intersight Virtual Appliance",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-07-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-22T15:20:33",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210721 Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ucsi2-iptaclbp-L8Dzs8m8",
        "defect": [
          [
            "CSCvx84462",
            "CSCvy29625"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-07-21T16:00:00",
          "ID": "CVE-2021-1601",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Intersight Virtual Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.3",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210721 Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ucsi2-iptaclbp-L8Dzs8m8",
          "defect": [
            [
              "CSCvx84462",
              "CSCvy29625"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1601",
    "datePublished": "2021-07-22T15:20:33.790368Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-07T22:05:30.895Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-34748
Vulnerability from cvelistv5
Published
2021-10-06 19:46
Modified
2024-11-07 21:48
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2Rvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:48.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20211006 Cisco Intersight Virtual Appliance Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2R"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-34748",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:42:57.766795Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T21:48:51.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Intersight Virtual Appliance",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-10-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-06T19:46:10",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20211006 Cisco Intersight Virtual Appliance Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2R"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ucsi2-command-inject-CGyC8y2R",
        "defect": [
          [
            "CSCvz08353"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Intersight Virtual Appliance Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-10-06T16:00:00",
          "ID": "CVE-2021-34748",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Intersight Virtual Appliance Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Intersight Virtual Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.8",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20211006 Cisco Intersight Virtual Appliance Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2R"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ucsi2-command-inject-CGyC8y2R",
          "defect": [
            [
              "CSCvz08353"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-34748",
    "datePublished": "2021-10-06T19:46:10.695131Z",
    "dateReserved": "2021-06-15T00:00:00",
    "dateUpdated": "2024-11-07T21:48:51.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1618
Vulnerability from cvelistv5
Published
2021-07-22 15:20
Modified
2024-11-07 22:05
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSxvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:18:10.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210721 Cisco Intersight Virtual Appliance Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1618",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:43:33.942432Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T22:05:50.233Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Intersight Virtual Appliance",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-07-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-22T15:20:16",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210721 Cisco Intersight Virtual Appliance Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ucsi2-dtcinj-yH5U4RSx",
        "defect": [
          [
            "CSCvy29621",
            "CSCvy29622"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Intersight Virtual Appliance Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-07-21T16:00:00",
          "ID": "CVE-2021-1618",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Intersight Virtual Appliance Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Intersight Virtual Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.5",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-36"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210721 Cisco Intersight Virtual Appliance Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ucsi2-dtcinj-yH5U4RSx",
          "defect": [
            [
              "CSCvy29621",
              "CSCvy29622"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1618",
    "datePublished": "2021-07-22T15:20:16.633697Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-07T22:05:50.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}