Cisco Umbrella Link and CSV Formula Injection Vulnerabilities
CVE-2021-1474

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Umbrella Insights Virtual Appliance
Vendor: CVE Published:; 8 April 2021

Badges

👾 Exploit Exists

Summary

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected Version(s)

Cisco Umbrella Insights Virtual Appliance

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Apr 8, 2021
Vulnerability Reserved
Nov 13, 2020