Vulnerabilities > CVE-2021-1264 - Unspecified vulnerability in Cisco DNA Center

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cisco

NVD

Published: 2021-01-20

Updated: 2024-11-21

Summary

A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco DNA Center - Cisco DNA Center 1.1.2 Cisco DNA Center 1.1.3 Cisco DNA Center 1.1.4 Cisco DNA Center 1.1.5 Cisco DNA Center 1.1.6 Cisco DNA Center 1.1.7 Cisco DNA Center 1.1.8 Cisco DNA Center 1.2 Cisco DNA Center 1.2.1 Cisco DNA Center 1.2.2 Cisco DNA Center 1.2.3 Cisco DNA Center 1.2.4 Cisco DNA Center 1.2.5 Cisco DNA Center 1.2.6 Cisco DNA Center 1.2.8 Cisco DNA Center 1.2.10 Cisco DNA Center 1.2.10.4 Cisco DNA Center 1.2.10.5 Cisco DNA Center 1.2.12 Cisco DNA Center 1.2.12.1 Cisco DNA Center 1.2.12.2 Cisco DNA Center 1.3 Cisco DNA Center 1.3.0.2 Cisco DNA Center 1.3.0.3 Cisco DNA Center 1.3.0.4 Cisco DNA Center 1.3.0.5 Cisco DNA Center 1.3.0.6 Cisco DNA Center 1.3.0.7	29

Summary

Vulnerable Configurations

References