CVE-2021-1538 — Vulnetix

CVE-2021-1538 PUBLISHED CVSS 4.699999809265137 MEDIUM

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root.

EPSS 1.71% · 82.7th percentile

Risk Scores

CVSS 3.1

4.699999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

EPSS Score

1.71%

82.7th percentile

Affected Products

Vendor	Product	Versions
cisco	common_services_platform_collector	0
Cisco	Cisco Common Services Platform Collector Software	n/a

Exploit Intelligence

20210602 Cisco Common Services Platform Collector Command Injection Vulnerability (circl)

Timeline

Jun 4, 2021 CVE Published
Jun 5, 2021 EPSS Score
Aug 7, 2021 EPSS Score
Dec 7, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 6, 2022 EPSS Score
Apr 8, 2022 EPSS Score
Jun 8, 2022 EPSS Score
Aug 9, 2022 EPSS Score
Oct 8, 2022 EPSS Score
Feb 7, 2023 EPSS Score

References

20210602 Cisco Common Services Platform Collector Command Injection Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-1538 advisory

Open in Interactive Console →