Cisco Common Services Platform Collector SQL Injection Vulnerability
CVE-2021-40129

4.9MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Common Services Platform Collector Software
Vendor: CVE Published:; 19 November 2021

Badges

👾 Exploit Exists

Summary

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database.

Affected Version(s)

Cisco Common Services Platform Collector Software

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
Nov 19, 2021
Vulnerability Reserved
Aug 25, 2021