ID

VAR-202101-0779


CVE

CVE-2021-1219


TITLE

Cisco Smart Software Manager Satellite  Vulnerability in Using Hard Coded Credentials

Trust: 0.8

sources: JVNDB: JVNDB-2021-002790

DESCRIPTION

A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by gaining access to the static credential that is stored on the local device. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. The software eliminates cumbersome product activation key (PAK) and license file management, makes the license node no longer locked to the device, and can support the license to be used on any compatible device

Trust: 1.8

sources: NVD: CVE-2021-1219 // JVNDB: JVNDB-2021-002790 // VULHUB: VHN-374273 // VULMON: CVE-2021-1219

AFFECTED PRODUCTS

vendor:ciscomodel:smart software manager on-premscope:lteversion:5.1.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco smart software manager on-premscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco smart software manager on-premscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002790 // NVD: CVE-2021-1219

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1219
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1219
value: HIGH

Trust: 1.0

NVD: CVE-2021-1219
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202101-1519
value: HIGH

Trust: 0.6

VULHUB: VHN-374273
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1219
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1219
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374273
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2021-1219
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2021-1219
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-374273 // VULMON: CVE-2021-1219 // JVNDB: JVNDB-2021-002790 // CNNVD: CNNVD-202101-1519 // NVD: CVE-2021-1219 // NVD: CVE-2021-1219

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.1

problemtype:Using hardcoded credentials (CWE-798) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374273 // JVNDB: JVNDB-2021-002790 // NVD: CVE-2021-1219

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1519

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202101-1519

PATCH

title:cisco-sa-cssm-sc-Jd42D4Tqurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sc-Jd42D4Tq

Trust: 0.8

title:Cisco Smart Software Manager Satellite Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139783

Trust: 0.6

title:Cisco: Cisco Smart Software Manager Satellite Static Credential Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cssm-sc-Jd42D4Tq

Trust: 0.1

sources: VULMON: CVE-2021-1219 // JVNDB: JVNDB-2021-002790 // CNNVD: CNNVD-202101-1519

EXTERNAL IDS

db:NVDid:CVE-2021-1219

Trust: 2.6

db:JVNDBid:JVNDB-2021-002790

Trust: 0.8

db:AUSCERTid:ESB-2021.0240

Trust: 0.6

db:CNNVDid:CNNVD-202101-1519

Trust: 0.6

db:VULHUBid:VHN-374273

Trust: 0.1

db:VULMONid:CVE-2021-1219

Trust: 0.1

sources: VULHUB: VHN-374273 // VULMON: CVE-2021-1219 // JVNDB: JVNDB-2021-002790 // CNNVD: CNNVD-202101-1519 // NVD: CVE-2021-1219

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cssm-sc-jd42d4tq

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1219

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0240/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195331

Trust: 0.1

sources: VULHUB: VHN-374273 // VULMON: CVE-2021-1219 // JVNDB: JVNDB-2021-002790 // CNNVD: CNNVD-202101-1519 // NVD: CVE-2021-1219

SOURCES

db:VULHUBid:VHN-374273
db:VULMONid:CVE-2021-1219
db:JVNDBid:JVNDB-2021-002790
db:CNNVDid:CNNVD-202101-1519
db:NVDid:CVE-2021-1219

LAST UPDATE DATE

2024-11-23T21:34:59.929000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374273date:2021-01-28T00:00:00
db:VULMONid:CVE-2021-1219date:2021-01-28T00:00:00
db:JVNDBid:JVNDB-2021-002790date:2021-10-01T08:56:00
db:CNNVDid:CNNVD-202101-1519date:2021-02-01T00:00:00
db:NVDid:CVE-2021-1219date:2024-11-21T05:43:51.410

SOURCES RELEASE DATE

db:VULHUBid:VHN-374273date:2021-01-20T00:00:00
db:VULMONid:CVE-2021-1219date:2021-01-20T00:00:00
db:JVNDBid:JVNDB-2021-002790date:2021-10-01T00:00:00
db:CNNVDid:CNNVD-202101-1519date:2021-01-20T00:00:00
db:NVDid:CVE-2021-1219date:2021-01-20T21:15:11.693