Vulnerability in Cisco Umbrella Insights Virtual Appliance
CVE-2021-1474
Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more info…
EPSS: 0.003 (56.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L.
Affected products
- Cisco Umbrella Insights Virtual Appliance — versions n/a
Weakness classification (CWE)
References
- 20210407 Cisco Umbrella Link and CSV Formula Injection Vulnerabilities (vendor-advisory, x_refsource_CISCO)
Frequently asked questions
- What is CVE-2021-1474?
- CVE-2021-1474 is a medium-severity vulnerability in Cisco Umbrella Insights Virtual Appliance, classified under Improper Neutralization of Formula Elements in a CSV File. CVSS score: 6.5/10. Published 2021-04-08.
- How severe is CVE-2021-1474?
- Medium severity. CVSS v3 base score is 6.5 out of 10.