Published: 22/05/2021 Updated: 07/11/2023

CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 3.4 | Impact Score: 2.5 | Exploitability Score: 0.8

VMScore: 320

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local malicious user to identify directories and write arbitrary files to the file system. This vulnerability is due to improper validation of parameters that are sent to a CLI command within the restricted shell. An attacker could exploit this vulnerability by logging in to the device and issuing certain CLI commands. A successful exploit could allow the malicious user to identify file directories on the affected device and write arbitrary files to the file system on the affected device. To exploit this vulnerability, the attacker must be an authenticated shell user.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco identity services engine 2.7.0
cisco identity services engine 3.0.0
cisco identity services engine
cisco evolved programmable network manager
cisco prime infrastructure 3.8.1
cisco prime infrastructure

A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system This vulnerability is due to improper validation of parameters that are s ...

CWE-610 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ade-xcvAQEOZ https://nvd.nist.gov https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ade-xcvAQEOZ

CVE-2021-1306

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect