PT-2021-1953 · Cisco · Cisco Smart Software Manager Satellite+1

Published

2021-01-20

Updated

2022-09-20

CVE-2021-1139

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco Smart Software Manager On-Prem (affected versions not specified) Cisco Smart Software Manager Satellite (affected versions not specified)

Description The issue is related to insufficient input validation in the web interface of the software, which could allow a remote attacker to execute arbitrary commands on the underlying operating system with root privileges.

Recommendations For Cisco Smart Software Manager On-Prem, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Cisco Smart Software Manager Satellite, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-20

Related Identifiers

BDU:2021-00759

CVE-2021-1139

Affected Products

Cisco Smart Software Manager On-Prem

Cisco Smart Software Manager Satellite

PT-2021-1953 · Cisco · Cisco Smart Software Manager Satellite+1

CVE-2021-1139

Weakness Enumeration

Related Identifiers

Affected Products

References · 5