THREATOPS
THREAT OPSThreat News › Cisco Crosswork Network Controller Server-Side Template Injection Vulnerability

Cisco Crosswork Network Controller Server-Side Template Injection Vulnerability

lowcisco_psirtPublished 2026-06-17

<p>A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an&nbsp;authenticated, remote attacker to execute arbitrary commands on an affected device.</p> <p>This vulnerability is due to insufficient input validation in the configuration&nbsp;template engine of the web-based management interface. An attacker could exploit this vulnerability by sendin

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnc-inj-QNMeEmxk?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Crosswork%20Network%20Controller%20Server-Side%20Template%20Injection%20Vulnerability%26vs_k=1