CVE-2021-1475

MEDIUM

Cisco Umbrella - Command Injection

Title source: llm

Description

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

References (1)

[Patch, Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-inject-gbZGHP5T

Scores

CVSS v3 6.5

EPSS 0.0018

EPSS Percentile 39.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1236

Status published

Products (1)

cisco/umbrella

Published Apr 08, 2021

Tracked Since Feb 18, 2026