From 63b216b1c4d483e090a9a67da9cdf38fcb064857 Mon Sep 17 00:00:00 2001
From: santosomar <santosomar@gmail.com>
Date: Wed, 20 Jan 2021 19:33:00 +0000
Subject: [PATCH] Adding Cisco CVE-2021-1247

---
 2021/1xxx/CVE-2021-1247.json | 83 +++++++++++++++++++++++++++++++++---
 1 file changed, 76 insertions(+), 7 deletions(-)

diff --git a/2021/1xxx/CVE-2021-1247.json b/2021/1xxx/CVE-2021-1247.json
index d90a6e5f04b..38590731b54 100644
--- a/2021/1xxx/CVE-2021-1247.json
+++ b/2021/1xxx/CVE-2021-1247.json
@@ -1,18 +1,87 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
+        "ASSIGNER": "psirt@cisco.com",
+        "DATE_PUBLIC": "2021-01-20T16:00:00",
         "ID": "CVE-2021-1247",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cisco Data Center Network Manager SQL Injection Vulnerabilities"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Cisco Data Center Network Manager ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cisco"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
             }
         ]
+    },
+    "exploit": [
+        {
+            "lang": "eng",
+            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
+        }
+    ],
+    "impact": {
+        "cvss": {
+            "baseScore": "8.8",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-89"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "20210120 Cisco Data Center Network Manager SQL Injection Vulnerabilities",
+                "refsource": "CISCO",
+                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-sql-inj-OAQOObP"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "cisco-sa-dcnm-sql-inj-OAQOObP",
+        "defect": [
+            [
+                "CSCvv82432",
+                "CSCvv82433"
+            ]
+        ],
+        "discovery": "INTERNAL"
     }
-}
\ No newline at end of file
+}