PT-2021-3642 · Cisco · Cisco Intersight Virtual Appliance

Published 2021-07-21 · Updated 2022-10-24 · CVE-2021-1617

CVSS v2.0

9.4 High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Intersight Virtual Appliance (affected versions not specified)

Description

The issue is due to insufficient input validation in the web-based management interface of Cisco Intersight Virtual Appliance, allowing an authenticated, remote attacker to conduct a path traversal or command injection attack. An attacker could exploit this by using the web-based management interface to execute a command using crafted input or upload a file altered using path traversal techniques. A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2021-03861
CVE-2021-1617

Affected Products

Cisco Intersight Virtual Appliance