Cisco’s Cloud Services Platform (CSP) has two vulnerabilities that attackers could leverage to execute arbitrary code and commands.
The web-based user interface of the Cisco CSP 2100 suffers from a critical vulnerability caused by insufficient sanitization of user input.
The flaw could allow an attacker to remotely execute arbitrary commands on the underlying operating system with root privileges.
The second vulnerability affecting CSP 2100, rated “high severity,” allows an unauthenticated attacker to remotely execute arbitrary code on a targeted system by sending it a malicious dnslookup request. If such an attack succeeded, the attacker would have privileges that could allow them to execute code.
Both security holes affect the Cisco Cloud Services Platform 2100 version 2.0, and they have been addressed in version 2.1.0 and later.
The company said it is not aware of any attacks using these vulnerabilities.