ID

VAR-202101-1019


CVE

CVE-2021-1247


TITLE

SQL injection vulnerability in Cisco Data Center Network Manager

Trust: 0.8

sources: JVNDB: JVNDB-2021-002626

DESCRIPTION

Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Data Center Network Manager (DCNM) is a data center management system from Cisco. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.8

sources: NVD: CVE-2021-1247 // JVNDB: JVNDB-2021-002626 // VULHUB: VHN-374301 // VULMON: CVE-2021-1247

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: lt, version: 11.5(1)

Trust: 1.0

vendor: Cisco Systems, model: cisco data center network manager, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002626 // NVD: CVE-2021-1247

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1247
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1247
value: HIGH

Trust: 1.0

NVD: CVE-2021-1247
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202101-1610
value: HIGH

Trust: 0.6

VULHUB: VHN-374301
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1247
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1247
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374301
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1247
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-1247
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374301 // VULMON: CVE-2021-1247 // JVNDB: JVNDB-2021-002626 // CNNVD: CNNVD-202101-1610 // NVD: CVE-2021-1247 // NVD: CVE-2021-1247

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.1

problemtype:SQL injection (CWE-89) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374301 // JVNDB: JVNDB-2021-002626 // NVD: CVE-2021-1247

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1610

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202101-1610

PATCH

title: cisco-sa-dcnm-sql-inj-OAQOObP, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-sql-inj-OAQOObP

Trust: 0.8

title: Cisco Data Center Network Manager SQL injection vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139863

Trust: 0.6

title: Cisco: Cisco Data Center Network Manager SQL Injection Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-sql-inj-OAQOObP

Trust: 0.1

title: -, url: https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/

Trust: 0.1

sources: VULMON: CVE-2021-1247 // JVNDB: JVNDB-2021-002626 // CNNVD: CNNVD-202101-1610

EXTERNAL IDS

db: NVD, id: CVE-2021-1247

Trust: 2.6

db: JVNDB, id: JVNDB-2021-002626

Trust: 0.8

db: CNNVD, id: CNNVD-202101-1610

Trust: 0.7

db: AUSCERT, id: ESB-2021.0246

Trust: 0.6

db: VULHUB, id: VHN-374301

Trust: 0.1

db: VULMON, id: CVE-2021-1247

Trust: 0.1

sources: VULHUB: VHN-374301 // VULMON: CVE-2021-1247 // JVNDB: JVNDB-2021-002626 // CNNVD: CNNVD-202101-1610 // NVD: CVE-2021-1247

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-sql-inj-oaqoobp

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1247

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0246/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-sql-injection-via-rest-api-endpoints-34388

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374301 // VULMON: CVE-2021-1247 // JVNDB: JVNDB-2021-002626 // CNNVD: CNNVD-202101-1610 // NVD: CVE-2021-1247

SOURCES

db: VULHUB, id: VHN-374301
db: VULMON, id: CVE-2021-1247
db: JVNDB, id: JVNDB-2021-002626
db: CNNVD, id: CNNVD-202101-1610
db: NVD, id: CVE-2021-1247

LAST UPDATE DATE

2024-08-14T13:54:17.398000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374301, date: 2021-01-27T00:00:00
db: VULMON, id: CVE-2021-1247, date: 2021-01-27T00:00:00
db: JVNDB, id: JVNDB-2021-002626, date: 2021-09-27T09:06:00
db: CNNVD, id: CNNVD-202101-1610, date: 2021-02-01T00:00:00
db: NVD, id: CVE-2021-1247, date: 2023-11-07T03:27:47.273

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374301, date: 2021-01-20T00:00:00
db: VULMON, id: CVE-2021-1247, date: 2021-01-20T00:00:00
db: JVNDB, id: JVNDB-2021-002626, date: 2021-09-27T00:00:00
db: CNNVD, id: CNNVD-202101-1610, date: 2021-01-20T00:00:00
db: NVD, id: CVE-2021-1247, date: 2021-01-20T21:15:12.177