Adding Cisco CVE-2021-1247

2025-08-04 08:44:25 +00:00 · 2021-01-20 19:33:00 +00:00 · 2021-01-20 19:33:00 +00:00 · 63b216b1c4
commit 63b216b1c4
parent 1114445867
1 changed files with 76 additions and 7 deletions
--- a/2021/1xxx/CVE-2021-1247.json
+++ b/2021/1xxx/CVE-2021-1247.json
@ -1,18 +1,87 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "psirt@cisco.com",
+        "DATE_PUBLIC": "2021-01-20T16:00:00",
        "ID": "CVE-2021-1247",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cisco Data Center Network Manager SQL Injection Vulnerabilities"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Cisco Data Center Network Manager ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cisco"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device.\r For more information about these vulnerabilities, see the Details section of this advisory.\r "
+            }
+        ]
+    },
+    "exploit": [
+        {
+            "lang": "eng",
+            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
+        }
+    ],
+    "impact": {
+        "cvss": {
+            "baseScore": "8.8",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-89"
                    }
                ]
            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "20210120 Cisco Data Center Network Manager SQL Injection Vulnerabilities",
+                "refsource": "CISCO",
+                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-sql-inj-OAQOObP"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "cisco-sa-dcnm-sql-inj-OAQOObP",
+        "defect": [
+            [
+                "CSCvv82432",
+                "CSCvv82433"
+            ]
+        ],
+        "discovery": "INTERNAL"
+    }
 }