Common Services Platform Collector
CVE-2021-40129
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database.
AnalysisAI
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to submit a SQL query through the CSPC configuration dashboard. This vulnerability is due to insufficient input validation of uploaded files. An attacker could exploit this vulnerability by uploading a file containing a SQL query to the configuration dashboard. A successful exploit could allow the attacker to read restricted information from the CSPC SQL database. Affected products include: Cisco Common Services Platform Collector.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker t
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authent
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Softwa
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today