ID

VAR-202101-0748


CVE

CVE-2021-1135


TITLE

Incomplete blacklist vulnerability in Cisco Data Center Network Manager

Trust: 0.8

sources: JVNDB: JVNDB-2021-002622

DESCRIPTION

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory. An incomplete blacklist vulnerability exists in Cisco Data Center Network Manager (DCNM). Information may be tampered with. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.8

sources: NVD: CVE-2021-1135 // JVNDB: JVNDB-2021-002622 // VULHUB: VHN-374189 // VULMON: CVE-2021-1135

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: lt, version: 11.4(1)

Trust: 1.0

vendor: シスコシステムズ, model: cisco data center network manager, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002622 // NVD: CVE-2021-1135

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1135
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1135
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1135
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-1522
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374189
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1135
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1135
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374189
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1135
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1135
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-1135
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374189 // VULMON: CVE-2021-1135 // JVNDB: JVNDB-2021-002622 // CNNVD: CNNVD-202101-1522 // NVD: CVE-2021-1135 // NVD: CVE-2021-1135

PROBLEMTYPE DATA

problemtype:CWE-184

Trust: 1.1

problemtype:Incomplete blacklist (CWE-184) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374189 // JVNDB: JVNDB-2021-002622 // NVD: CVE-2021-1135

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1522

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-1522

PATCH

title: cisco-sa-dcnm-api-path-TpTApx2p, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-api-path-TpTApx2p

Trust: 0.8

title: Cisco Data Center Network Manager Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139785

Trust: 0.6

title: Cisco: Cisco Data Center Network Manager REST API Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-api-path-TpTApx2p

Trust: 0.1

sources: VULMON: CVE-2021-1135 // JVNDB: JVNDB-2021-002622 // CNNVD: CNNVD-202101-1522

EXTERNAL IDS

db: NVD, id: CVE-2021-1135

Trust: 2.6

db: JVNDB, id: JVNDB-2021-002622

Trust: 0.8

db: AUSCERT, id: ESB-2021.0246

Trust: 0.6

db: CNNVD, id: CNNVD-202101-1522

Trust: 0.6

db: VULHUB, id: VHN-374189

Trust: 0.1

db: VULMON, id: CVE-2021-1135

Trust: 0.1

sources: VULHUB: VHN-374189 // VULMON: CVE-2021-1135 // JVNDB: JVNDB-2021-002622 // CNNVD: CNNVD-202101-1522 // NVD: CVE-2021-1135

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-api-path-tptapx2p

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1135

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0246/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-three-vulnerabilities-via-rest-api-34384

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/184.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195354

Trust: 0.1

sources: VULHUB: VHN-374189 // VULMON: CVE-2021-1135 // JVNDB: JVNDB-2021-002622 // CNNVD: CNNVD-202101-1522 // NVD: CVE-2021-1135

SOURCES

db: VULHUB, id: VHN-374189
db: VULMON, id: CVE-2021-1135
db: JVNDB, id: JVNDB-2021-002622
db: CNNVD, id: CNNVD-202101-1522
db: NVD, id: CVE-2021-1135

LAST UPDATE DATE

2024-08-14T13:54:17.254000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374189, date: 2021-01-27T00:00:00
db: VULMON, id: CVE-2021-1135, date: 2021-01-27T00:00:00
db: JVNDB, id: JVNDB-2021-002622, date: 2021-09-27T09:06:00
db: CNNVD, id: CNNVD-202101-1522, date: 2021-02-01T00:00:00
db: NVD, id: CVE-2021-1135, date: 2023-11-07T03:27:28.467

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374189, date: 2021-01-20T00:00:00
db: VULMON, id: CVE-2021-1135, date: 2021-01-20T00:00:00
db: JVNDB, id: JVNDB-2021-002622, date: 2021-09-27T00:00:00
db: CNNVD, id: CNNVD-202101-1522, date: 2021-01-20T00:00:00
db: NVD, id: CVE-2021-1135, date: 2021-01-20T21:15:11.130