CVE-2021-1531 is a vulnerability in Cisco Modeling Labs
Published on May 22, 2021
Cisco Modeling Labs Web UI Command Injection Vulnerability
A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the web application on the underlying operating system of an affected Cisco Modeling Labs server. This vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected server. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web application, virl2, on the underlying operating system of the affected server. To exploit this vulnerability, the attacker must have valid user credentials on the web UI.
Vulnerability Analysis
CVE-2021-1531 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2021-1531. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is an Argument Injection Vulnerability?
The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
CVE-2021-1531 has been classified to as an Argument Injection vulnerability or weakness.
Products Associated with CVE-2021-1531
Want to know whenever a new CVE is published for Cisco Modeling Labs? stack.watch will email you.
Affected Versions
Cisco Modeling Labs Version n/a is affected by CVE-2021-1531Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.