CVE-2021-1474 - Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisc

CVE-2021-1474

Summary

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-inject-gbZGHP5T

Vulnerable Configurations

cpe:2.3:a:cisco:umbrella:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:umbrella:-:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 19-04-2021 - 14:28)
Impact:
Exploitability:

CWE

CWE-1236

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

Last major update

19-04-2021 - 14:28

Published

08-04-2021 - 04:15

Last modified

19-04-2021 - 14:28