What is CVE-2021-1248?

CVE-2021-1248 is a high-severity vulnerability in Cisco Data Center Network Manager, classified under SQL Injection. CVSS score: 8.8/10. Published 2021-01-20.

How severe is CVE-2021-1248?

High severity. CVSS v3 base score is 8.8 out of 10.

SQL Injection in Cisco Data Center Network Manager

CVE-2021-1248

Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vuln…

Vulnerability class: SQL Injection

EPSS: 0.007 (72.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Data Center Network Manager — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

20210120 Cisco Data Center Network Manager SQL Injection Vulnerabilities (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2021-1248?: CVE-2021-1248 is a high-severity vulnerability in Cisco Data Center Network Manager, classified under SQL Injection. CVSS score: 8.8/10. Published 2021-01-20.
How severe is CVE-2021-1248?: High severity. CVSS v3 base score is 8.8 out of 10.