PT-2021-3062 · Cisco · Cisco Identity Services Engine+2

Published: 2021-05-19 · Updated: 2021-05-27 · CVE-2021-1306

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Prime Infrastructure versions (affected versions not specified)
Cisco Evolved Programmable Network (EPN) Manager versions (affected versions not specified)
Cisco Identity Services Engine versions (affected versions not specified)

Description

The issue is related to improper external control of a file name or path, allowing an attacker to write arbitrary files. This is due to improper validation of parameters sent to a CLI command within the restricted shell. An attacker could exploit this by logging in to the device and issuing certain CLI commands, potentially identifying directories and writing arbitrary files to the file system. The attacker must be an authenticated shell user to exploit this issue.

Recommendations

For Cisco Prime Infrastructure, restrict access to the restricted shell until a fix is available. For Cisco Evolved Programmable Network (EPN) Manager, consider disabling the CLI command that allows writing arbitrary files to the file system as a temporary workaround. For Cisco Identity Services Engine, limit the privileges of authenticated shell users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2021-02671
CVE-2021-1306

Affected Products

Cisco Evolved Programmable Network (EPN) Manager
Cisco Identity Services Engine
Cisco Prime Infrastructure