CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,570 vulnerabilities with CWE-77
CVE-2021-31356
HIGH
Juniper Junos OS Evolved < 20.4R3-S1-EVO - Authenticated Command Injection via CLI Bypass
CVSS 7.8
CVE-2021-40998
HIGH
Aruba ClearPass Policy Manager <6.10.2, <6.9.7-HF1, <6.8.9-HF1 - RCE
CVSS 7.2
CVE-2021-40995
MEDIUM
Aruba ClearPass Policy Manager <6.10.2, <6.9.7-HF1, <6.8.9-HF1 - RCE
CVSS 6.3
CVE-2021-40994
MEDIUM
Aruba ClearPass Policy Manager <6.10.2, <6.9.7-HF1, <6.8.9-HF1 - RCE
CVSS 6.3
CVE-2021-40987
HIGH
Aruba ClearPass Policy Manager <6.10.2, <6.9.7-HF1, <6.8.9-HF1 - RCE
CVSS 7.2
CVE-2021-40986
HIGH
Aruba ClearPass Policy Manager <6.10.2, <6.9.7-HF1, <6.8.9-HF1 - RCE
CVSS 7.2
CVE-2021-37739
HIGH
Aruba ClearPass Policy Manager 6.8.0-6.8.9 - Remote Command Execution
CVSS 7.2
CVE-2021-40999
HIGH
Aruba ClearPass Policy Manager <6.10.2, <6.9.7-HF1, <6.8.9-HF1 - RCE
CVSS 7.2
CVE-2021-42094
CRITICAL
Zammad < 4.1.1 - Command Injection via Custom Packages
CVSS 9.8
CVE-2021-34748
HIGH
Cisco Intersight Virtual Appliance 1.0.9-150-1.0.9-292 - Authenticated OS Command Injection
CVSS 8.8
CVE-2021-41116
HIGH
Composer <1.10.23, <2.1.9 - Command Injection
CVSS 8.2
CVE-2021-34352
HIGH
QVR < 5.1.5 - OS Command Injection
CVSS 7.2
CVE-2021-37106
HIGH
Huawei FusionCompute 6.3.0, 6.3.1, 6.5.0, 8.0.0 - Command Injection in CMA Service Module
CVSS 7.2
CVE-2021-38124
CRITICAL
Micro Focus ArcSight ESM <7.5 - RCE
CVSS 9.8
CVE-2021-34351
CRITICAL
QNAP QVR < 5.1.5 - OS Command Injection
CVSS 9.8
CVE-2021-34349
HIGH
QNAP QVR < 5.1.5 - OS Command Injection
CVSS 7.2
CVE-2021-34348
CRITICAL
QNAP QVR < 5.1.5 - OS Command Injection
CVSS 9.8
CVE-2021-22868
MEDIUM
GitHub Enterprise Server < 2.22.22 - Authenticated Path Traversal via GitHub Pages Configuration
CVSS 4.3
CVE-2021-34729
MEDIUM
Cisco IOS XE and IOS XE SD-WAN < 17.3.1a - Authenticated OS Command Injection via CLI Arguments
CVSS 6.7
CVE-2021-34726
MEDIUM
Cisco SD-WAN < 18.4.6 - Authenticated OS Command Injection via CLI
CVSS 6.7
CVE-2021-34725
MEDIUM
Cisco IOS XE SD-WAN < 17.2.1r - Authenticated OS Command Injection via CLI
CVSS 6.7
CVE-2021-28960
CRITICAL
ManageEngine Desktop Central < 10.0.683 - Unauthenticated Command Injection via On-Demand Operations
CVSS 9.8
CVE-2021-41383
HIGH
NETGEAR R6020 1.0.0.48 - Authenticated Command Injection via NTP Server Field
CVSS 7.2
CVE-2021-37145
HIGH
Poly CX5500 and CX5100 1.3.5 - Authenticated Remote Code Execution via Telnet Command Injection
CVSS 7.2
CVE-2021-37724
HIGH
ArubaOS < 8.3.0.16, 8.5.0.12, 8.6.0.8, 8.7.1.2 - Remote Command Execution
CVSS 7.2
Details
Vulnerabilities: 3,570
Exploit Likelihood: High