ID

VAR-202101-0742


CVE

CVE-2021-1126


TITLE

Cisco Firepower Management Center Vulnerability regarding inadequate protection of credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2021-002780

DESCRIPTION

A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the credentials that are used to access the proxy server. Cisco Firepower Management Center (FMC) contains an inadequate protection of credentials vulnerability. Information may be obtained. The vulnerability exists in the following devices or models: Cisco Small Business RV110W, Cisco Small Business RV130, Cisco Small Business RV130W, Cisco Small Business RV215W

Trust: 1.71

sources: NVD: CVE-2021-1126 // JVNDB: JVNDB-2021-002780 // VULHUB: VHN-374180

AFFECTED PRODUCTS

vendor: cisco, model: firepower management center, scope: lt, version: 6.7.0

Trust: 1.0

vendor: シスコシステムズ, model: cisco firepower management center, scope: -, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco firepower management center, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002780 // NVD: CVE-2021-1126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1126
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1126
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1126
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-1039
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374180
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1126
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374180
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2021-1126
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2021-1126
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-374180 // JVNDB: JVNDB-2021-002780 // CNNVD: CNNVD-202101-1039 // NVD: CVE-2021-1126 // NVD: CVE-2021-1126

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-256

Trust: 1.0

problemtype:Inadequate protection of credentials (CWE-522) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-374180 // JVNDB: JVNDB-2021-002780 // NVD: CVE-2021-1126

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1039

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202101-1039

PATCH

title: cisco-sa-fmc-infodisc-RJdktM6f, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-RJdktM6f

Trust: 0.8

title: Cisco Firepower Management Center Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139141

Trust: 0.6

sources: JVNDB: JVNDB-2021-002780 // CNNVD: CNNVD-202101-1039

EXTERNAL IDS

db: NVD, id: CVE-2021-1126

Trust: 2.5

db: JVNDB, id: JVNDB-2021-002780

Trust: 0.8

db: AUSCERT, id: ESB-2021.0150

Trust: 0.6

db: CNNVD, id: CNNVD-202101-1039

Trust: 0.6

db: VULHUB, id: VHN-374180

Trust: 0.1

sources: VULHUB: VHN-374180 // JVNDB: JVNDB-2021-002780 // CNNVD: CNNVD-202101-1039 // NVD: CVE-2021-1126

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-infodisc-rjdktm6f

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1126

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0150/

Trust: 0.6

sources: VULHUB: VHN-374180 // JVNDB: JVNDB-2021-002780 // CNNVD: CNNVD-202101-1039 // NVD: CVE-2021-1126

SOURCES

db: VULHUB, id: VHN-374180
db: JVNDB, id: JVNDB-2021-002780
db: CNNVD, id: CNNVD-202101-1039
db: NVD, id: CVE-2021-1126

LAST UPDATE DATE

2024-08-14T15:12:05.211000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374180, date: 2022-08-05T00:00:00
db: JVNDB, id: JVNDB-2021-002780, date: 2021-10-01T06:09:00
db: CNNVD, id: CNNVD-202101-1039, date: 2022-08-10T00:00:00
db: NVD, id: CVE-2021-1126, date: 2022-08-05T19:28:40.820

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374180, date: 2021-01-13T00:00:00
db: JVNDB, id: JVNDB-2021-002780, date: 2021-10-01T00:00:00
db: CNNVD, id: CNNVD-202101-1039, date: 2021-01-13T00:00:00
db: NVD, id: CVE-2021-1126, date: 2021-01-13T22:15:14.303