ID

VAR-202101-0747


CVE

CVE-2021-1133


TITLE

Incomplete blacklist vulnerability in Cisco Data Center Network Manager

Trust: 0.8

sources: JVNDB: JVNDB-2021-002600

DESCRIPTION

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Data Center Network Manager (DCNM) contains an incomplete blacklist vulnerability. Information may be tampered with, and the system may be put into a denial-of-service (DoS) state. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.8

sources: NVD: CVE-2021-1133 // JVNDB: JVNDB-2021-002600 // VULHUB: VHN-374187 // VULMON: CVE-2021-1133

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: lt, version: 11.4(1)

Trust: 1.0

vendor: シスコシステムズ, model: cisco data center network manager, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002600 // NVD: CVE-2021-1133

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1133
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1133
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1133
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202101-1559
value: HIGH

Trust: 0.6

VULHUB: VHN-374187
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1133
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1133
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374187
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1133
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1133
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-1133
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374187 // VULMON: CVE-2021-1133 // JVNDB: JVNDB-2021-002600 // CNNVD: CNNVD-202101-1559 // NVD: CVE-2021-1133 // NVD: CVE-2021-1133

PROBLEMTYPE DATA

problemtype:CWE-184

Trust: 1.1

problemtype:Incomplete blacklist (CWE-184) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374187 // JVNDB: JVNDB-2021-002600 // NVD: CVE-2021-1133

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1559

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202101-1559

PATCH

title: cisco-sa-dcnm-api-path-TpTApx2p
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-api-path-TpTApx2p

Trust: 0.8

title: Cisco Data Center Network Manager Remediation measures for authorization problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139817

Trust: 0.6

title: Cisco: Cisco Data Center Network Manager REST API Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-api-path-TpTApx2p

Trust: 0.1

sources: VULMON: CVE-2021-1133 // JVNDB: JVNDB-2021-002600 // CNNVD: CNNVD-202101-1559

EXTERNAL IDS

db: NVD, id: CVE-2021-1133

Trust: 2.6

db: JVNDB, id: JVNDB-2021-002600

Trust: 0.8

db: AUSCERT, id: ESB-2021.0246

Trust: 0.6

db: CNNVD, id: CNNVD-202101-1559

Trust: 0.6

db: VULHUB, id: VHN-374187

Trust: 0.1

db: VULMON, id: CVE-2021-1133

Trust: 0.1

sources: VULHUB: VHN-374187 // VULMON: CVE-2021-1133 // JVNDB: JVNDB-2021-002600 // CNNVD: CNNVD-202101-1559 // NVD: CVE-2021-1133

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-api-path-tptapx2p

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1133

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0246/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-three-vulnerabilities-via-rest-api-34384

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/184.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374187 // VULMON: CVE-2021-1133 // JVNDB: JVNDB-2021-002600 // CNNVD: CNNVD-202101-1559 // NVD: CVE-2021-1133

SOURCES

db: VULHUB, id: VHN-374187
db: VULMON, id: CVE-2021-1133
db: JVNDB, id: JVNDB-2021-002600
db: CNNVD, id: CNNVD-202101-1559
db: NVD, id: CVE-2021-1133

LAST UPDATE DATE

2024-08-14T13:54:17.283000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374187, date: 2021-01-27T00:00:00
db: VULMON, id: CVE-2021-1133, date: 2021-01-27T00:00:00
db: JVNDB, id: JVNDB-2021-002600, date: 2021-09-27T09:05:00
db: CNNVD, id: CNNVD-202101-1559, date: 2021-02-01T00:00:00
db: NVD, id: CVE-2021-1133, date: 2023-11-07T03:27:28.270

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374187, date: 2021-01-20T00:00:00
db: VULMON, id: CVE-2021-1133, date: 2021-01-20T00:00:00
db: JVNDB, id: JVNDB-2021-002600, date: 2021-09-27T00:00:00
db: CNNVD, id: CNNVD-202101-1559, date: 2021-01-20T00:00:00
db: NVD, id: CVE-2021-1133, date: 2021-01-20T20:15:13.313