CVE-2021-1140

Name of the Vulnerable Software and Affected Versions Cisco Smart Software Manager Satellite (affected versions not specified) Cisco Smart Software Manager On-Prem (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite and Cisco Smart Software Manager On-Prem. These vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability in Cisco Smart Software Manager On-Prem is associated with insufficient input validation, which can be exploited by a remote attacker to execute arbitrary commands with elevated privileges.

Recommendations For Cisco Smart Software Manager Satellite, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Cisco Smart Software Manager On-Prem, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the web UI to minimize the risk of exploitation.