cnvd - cnvd-2021-39678

CNVD-2021-39678

Vulnerability from cnvd - Published: 2021-06-05

Title

Cisco Common Services Platform Collector命令注入漏洞

Description

Cisco Common Services Platform Collector (CSPC)是一款基于SNMP的工具，可从网络上安装的Cisco设备发现并收集信息。 Cisco Common Services Platform Collector 2.9.1之前版本的配置仪表板存在命令注入漏洞。该漏洞源于对配置条目的验证不足。超级管理员可通过在CSPC配置仪表板上将特制内容输入配置选项利用该漏洞以root权限执行任意代码。目前没有详细的漏洞细节提供。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法：

https://tools.cisco.com/security/center/home.x

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-1538

Impacted products

Name
Cisco Cisco Common Services Platform Collector <2.9.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-1538",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-1538"
    }
  },
  "description": "Cisco Common Services Platform Collector (CSPC)\u662f\u4e00\u6b3e\u57fa\u4e8eSNMP\u7684\u5de5\u5177\uff0c\u53ef\u4ece\u7f51\u7edc\u4e0a\u5b89\u88c5\u7684Cisco\u8bbe\u5907\u53d1\u73b0\u5e76\u6536\u96c6\u4fe1\u606f\u3002\n\nCisco Common Services Platform Collector 2.9.1\u4e4b\u524d\u7248\u672c\u7684\u914d\u7f6e\u4eea\u8868\u677f\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u914d\u7f6e\u6761\u76ee\u7684\u9a8c\u8bc1\u4e0d\u8db3\u3002\u8d85\u7ea7\u7ba1\u7406\u5458\u53ef\u901a\u8fc7\u5728CSPC\u914d\u7f6e\u4eea\u8868\u677f\u4e0a\u5c06\u7279\u5236\u5185\u5bb9\u8f93\u5165\u914d\u7f6e\u9009\u9879\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\n\r\nhttps://tools.cisco.com/security/center/home.x",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-39678",
  "openTime": "2021-06-05",
  "products": {
    "product": "Cisco Cisco Common Services Platform Collector \u003c2.9.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-1538",
  "serverity": "\u4e2d",
  "submitTime": "2021-06-03",
  "title": "Cisco Common Services Platform Collector\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2021-1538 (GCVE-0-2021-1538)

Vulnerability from cvelistv5 – Published: 2021-06-04 16:45 – Updated: 2024-11-07 22:09

Title

Cisco Common Services Platform Collector Command Injection Vulnerability

Summary

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root.

Severity ?

4.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-78

Assigner

cisco

References

URL

Tags

https://tools.cisco.com/security/center/content/C…

vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Common Services Platform Collector Software	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210602 Cisco Common Services Platform Collector Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-CIV-kDuBfNfu"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1538",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:41:44.725563Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T22:09:33.776Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Common Services Platform Collector Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-06-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-04T16:45:53",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210602 Cisco Common Services Platform Collector Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-CIV-kDuBfNfu"
        }
      ],
      "source": {
        "advisory": "cisco-sa-CSPC-CIV-kDuBfNfu",
        "defect": [
          [
            "CSCvx73324"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Common Services Platform Collector Command Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-06-02T16:00:00",
          "ID": "CVE-2021-1538",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Common Services Platform Collector Command Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Common Services Platform Collector Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.7",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210602 Cisco Common Services Platform Collector Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CSPC-CIV-kDuBfNfu"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-CSPC-CIV-kDuBfNfu",
          "defect": [
            [
              "CSCvx73324"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1538",
    "datePublished": "2021-06-04T16:45:54.074879Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-07T22:09:33.776Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-39678

CVE-2021-1538 (GCVE-0-2021-1538)

Tags

Sightings

Nomenclature