Details of VAR-202101-0744

ID

VAR-202101-0744

CVE

CVE-2021-1129

TITLE

plural Cisco Product Vulnerability in inserting important information into transmitted data in

Trust: 0.8

sources: JVNDB: JVNDB-2021-002599

DESCRIPTION

A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device. The vulnerability exists because a secure authentication token is not required when authenticating to the general purpose API. An attacker could exploit this vulnerability by sending a crafted request for information to the general purpose API on an affected device. A successful exploit could allow the attacker to obtain system and configuration information from the affected device, resulting in an unauthorized information disclosure

Trust: 1.8

sources: NVD: CVE-2021-1129 // JVNDB: JVNDB-2021-002599 // VULHUB: VHN-374183 // VULMON: CVE-2021-1129

AFFECTED PRODUCTS

vendor:	cisco	model:	content security management appliance	scope:	eq	version:	12.5.0	Trust: 1.0
vendor:	cisco	model:	email security appliance	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	eq	version:	11.8.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco コンテンツセキュリティ管理アプライアンス	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco web セキュリティアプライアンス	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco e メールセキュリティアプライアンス	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-002599 // NVD: CVE-2021-1129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1129
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1129
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1129
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-1561
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374183
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1129
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1129
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374183
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1129
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1129
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374183 // VULMON: CVE-2021-1129 // JVNDB: JVNDB-2021-002599 // CNNVD: CNNVD-202101-1561 // NVD: CVE-2021-1129 // NVD: CVE-2021-1129

PROBLEMTYPE DATA

problemtype:	CWE-201	Trust: 1.1
problemtype:	Inserting important information into outgoing data (CWE-201) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374183 // JVNDB: JVNDB-2021-002599 // NVD: CVE-2021-1129

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1561

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202101-1561

PATCH

title:	cisco-sa-esa-wsa-sma-info-RHp44vAC	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-info-RHp44vAC	Trust: 0.8
title:	Cisco: Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-esa-wsa-sma-info-RHp44vAC	Trust: 0.1

sources: VULMON: CVE-2021-1129 // JVNDB: JVNDB-2021-002599

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1129	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-002599	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0249	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1561	Trust: 0.6
db:	VULHUB	id:	VHN-374183	Trust: 0.1
db:	VULMON	id:	CVE-2021-1129	Trust: 0.1

sources: VULHUB: VHN-374183 // VULMON: CVE-2021-1129 // JVNDB: JVNDB-2021-002599 // CNNVD: CNNVD-202101-1561 // NVD: CVE-2021-1129

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-wsa-sma-info-rhp44vac	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1129	Trust: 1.4
url:	https://vigilance.fr/vulnerability/cisco-esa-sma-wsa-information-disclosure-via-general-purpose-api-34391	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0249/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/201.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195319	Trust: 0.1

sources: VULHUB: VHN-374183 // VULMON: CVE-2021-1129 // JVNDB: JVNDB-2021-002599 // CNNVD: CNNVD-202101-1561 // NVD: CVE-2021-1129

SOURCES

db:	VULHUB	id:	VHN-374183
db:	VULMON	id:	CVE-2021-1129
db:	JVNDB	id:	JVNDB-2021-002599
db:	CNNVD	id:	CNNVD-202101-1561
db:	NVD	id:	CVE-2021-1129

LAST UPDATE DATE

2024-11-23T23:04:07.449000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374183	date:	2021-01-27T00:00:00
db:	VULMON	id:	CVE-2021-1129	date:	2021-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-002599	date:	2021-09-27T09:05:00
db:	CNNVD	id:	CNNVD-202101-1561	date:	2021-02-01T00:00:00
db:	NVD	id:	CVE-2021-1129	date:	2024-11-21T05:43:39.177

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374183	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1129	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-002599	date:	2021-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202101-1561	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1129	date:	2021-01-20T20:15:13.050