CVE-2021-1618 (CNNVD-202107-1702)
中文标题:
Cisco Intersight 操作系统命令注入漏洞
英文标题:
Cisco Intersight Virtual Appliance Vulnerabilities
漏洞描述
中文描述:
Cisco Intersight是美国思科(Cisco)公司的一个应用平台。提供了智能管理级别,使 IT 组织能够以比前几代工具更先进的方式分析、简化和自动化其环境。 Cisco Intersight Virtual Appliance 的web管理界面存在操作系统命令注入漏洞,该漏洞源于输入验证不足,允许经过身份验证的远程攻击者对受影响的系统进行路径遍历或命令注入。
英文描述:
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Intersight Virtual Appliance | n/a | - | - |
cpe:2.3:a:cisco:cisco_intersight_virtual_appliance:n_a:*:*:*:*:*:*:*
|
| cisco | intersight_virtual_appliance | * | - | - |
cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2021-1618 |
2025-11-11 15:20:46 | 2025-11-11 07:36:34 |
| NVD | nvd_CVE-2021-1618 |
2025-11-11 14:57:39 | 2025-11-11 07:44:55 |
| CNNVD | cnnvd_CNNVD-202107-1702 |
2025-11-11 15:10:41 | 2025-11-11 07:56:49 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-202107-1702
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']