Details of VAR-202101-0742

ID

VAR-202101-0742

CVE

CVE-2021-1126

TITLE

Cisco Firepower Management Center Vulnerability regarding inadequate protection of credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2021-002780

DESCRIPTION

A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the credentials that are used to access the proxy server. Cisco Firepower Management Center (FMC) Exists in an inadequate protection of credentials.Information may be obtained. The vulnerability exists in the following devices or models: Cisco Small Business RV110W, Cisco Small Business RV130, Cisco Small Business RV130W, Cisco Small Business RV215W

Trust: 1.71

sources: NVD: CVE-2021-1126 // JVNDB: JVNDB-2021-002780 // VULHUB: VHN-374180

AFFECTED PRODUCTS

vendor:	cisco	model:	firepower management center	scope:	lt	version:	6.7.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco firepower management center	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco firepower management center	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-002780 // NVD: CVE-2021-1126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1126
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1126
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1126
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-1039
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374180
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1126
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374180
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2021-1126
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2021-1126
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-374180 // JVNDB: JVNDB-2021-002780 // CNNVD: CNNVD-202101-1039 // NVD: CVE-2021-1126 // NVD: CVE-2021-1126

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-256	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374180 // JVNDB: JVNDB-2021-002780 // NVD: CVE-2021-1126

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1039

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202101-1039

PATCH

title:	cisco-sa-fmc-infodisc-RJdktM6f	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-infodisc-RJdktM6f	Trust: 0.8
title:	Cisco Firepower Management Center Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139141	Trust: 0.6

sources: JVNDB: JVNDB-2021-002780 // CNNVD: CNNVD-202101-1039

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1126	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-002780	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0150	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1039	Trust: 0.6
db:	VULHUB	id:	VHN-374180	Trust: 0.1

sources: VULHUB: VHN-374180 // JVNDB: JVNDB-2021-002780 // CNNVD: CNNVD-202101-1039 // NVD: CVE-2021-1126

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-infodisc-rjdktm6f	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1126	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.0150/	Trust: 0.6

sources: VULHUB: VHN-374180 // JVNDB: JVNDB-2021-002780 // CNNVD: CNNVD-202101-1039 // NVD: CVE-2021-1126

SOURCES

db:	VULHUB	id:	VHN-374180
db:	JVNDB	id:	JVNDB-2021-002780
db:	CNNVD	id:	CNNVD-202101-1039
db:	NVD	id:	CVE-2021-1126

LAST UPDATE DATE

2024-08-14T15:12:05.211000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374180	date:	2022-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2021-002780	date:	2021-10-01T06:09:00
db:	CNNVD	id:	CNNVD-202101-1039	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2021-1126	date:	2022-08-05T19:28:40.820

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374180	date:	2021-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-002780	date:	2021-10-01T00:00:00
db:	CNNVD	id:	CNNVD-202101-1039	date:	2021-01-13T00:00:00
db:	NVD	id:	CVE-2021-1126	date:	2021-01-13T22:15:14.303