ID

VAR-202101-0747


CVE

CVE-2021-1133


TITLE

Cisco Data Center Network Manager  Incomplete blacklist vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-002600

DESCRIPTION

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Data Center Network Manager (DCNM) Exists in an incomplete blacklist vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.8

sources: NVD: CVE-2021-1133 // JVNDB: JVNDB-2021-002600 // VULHUB: VHN-374187 // VULMON: CVE-2021-1133

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:ltversion:11.4\(1\)

Trust: 1.0

vendor:シスコシステムズmodel:cisco data center network managerscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002600 // NVD: CVE-2021-1133

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1133
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1133
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1133
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202101-1559
value: HIGH

Trust: 0.6

VULHUB: VHN-374187
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1133
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1133
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374187
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1133
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1133
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-1133
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374187 // VULMON: CVE-2021-1133 // JVNDB: JVNDB-2021-002600 // CNNVD: CNNVD-202101-1559 // NVD: CVE-2021-1133 // NVD: CVE-2021-1133

PROBLEMTYPE DATA

problemtype:CWE-184

Trust: 1.1

problemtype:Incomplete blacklist (CWE-184) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374187 // JVNDB: JVNDB-2021-002600 // NVD: CVE-2021-1133

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1559

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202101-1559

PATCH

title:cisco-sa-dcnm-api-path-TpTApx2purl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-api-path-TpTApx2p

Trust: 0.8

title:Cisco Data Center Network Manager Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139817

Trust: 0.6

title:Cisco: Cisco Data Center Network Manager REST API Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-api-path-TpTApx2p

Trust: 0.1

sources: VULMON: CVE-2021-1133 // JVNDB: JVNDB-2021-002600 // CNNVD: CNNVD-202101-1559

EXTERNAL IDS

db:NVDid:CVE-2021-1133

Trust: 2.6

db:JVNDBid:JVNDB-2021-002600

Trust: 0.8

db:AUSCERTid:ESB-2021.0246

Trust: 0.6

db:CNNVDid:CNNVD-202101-1559

Trust: 0.6

db:VULHUBid:VHN-374187

Trust: 0.1

db:VULMONid:CVE-2021-1133

Trust: 0.1

sources: VULHUB: VHN-374187 // VULMON: CVE-2021-1133 // JVNDB: JVNDB-2021-002600 // CNNVD: CNNVD-202101-1559 // NVD: CVE-2021-1133

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-api-path-tptapx2p

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1133

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0246/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-three-vulnerabilities-via-rest-api-34384

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/184.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374187 // VULMON: CVE-2021-1133 // JVNDB: JVNDB-2021-002600 // CNNVD: CNNVD-202101-1559 // NVD: CVE-2021-1133

SOURCES

db:VULHUBid:VHN-374187
db:VULMONid:CVE-2021-1133
db:JVNDBid:JVNDB-2021-002600
db:CNNVDid:CNNVD-202101-1559
db:NVDid:CVE-2021-1133

LAST UPDATE DATE

2024-11-23T21:51:04.975000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374187date:2021-01-27T00:00:00
db:VULMONid:CVE-2021-1133date:2021-01-27T00:00:00
db:JVNDBid:JVNDB-2021-002600date:2021-09-27T09:05:00
db:CNNVDid:CNNVD-202101-1559date:2021-02-01T00:00:00
db:NVDid:CVE-2021-1133date:2024-11-21T05:43:39.700

SOURCES RELEASE DATE

db:VULHUBid:VHN-374187date:2021-01-20T00:00:00
db:VULMONid:CVE-2021-1133date:2021-01-20T00:00:00
db:JVNDBid:JVNDB-2021-002600date:2021-09-27T00:00:00
db:CNNVDid:CNNVD-202101-1559date:2021-01-20T00:00:00
db:NVDid:CVE-2021-1133date:2021-01-20T20:15:13.313