ID

VAR-202101-1020


CVE

CVE-2021-1248


TITLE

Cisco Data Center Network Manager SQL Injection Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-002627

DESCRIPTION

Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Data Center Network Manager (DCNM) is Cisco's data center management system. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.8

sources: NVD: CVE-2021-1248 // JVNDB: JVNDB-2021-002627 // VULHUB: VHN-374302 // VULMON: CVE-2021-1248

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: lt, version: 11.5(1)

Trust: 1.0

vendor: Cisco Systems, model: cisco data center network manager, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002627 // NVD: CVE-2021-1248

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1248
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1248
value: HIGH

Trust: 1.0

NVD: CVE-2021-1248
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202101-1513
value: HIGH

Trust: 0.6

VULHUB: VHN-374302
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1248
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1248
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374302
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1248
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1248
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-1248
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374302 // VULMON: CVE-2021-1248 // JVNDB: JVNDB-2021-002627 // CNNVD: CNNVD-202101-1513 // NVD: CVE-2021-1248 // NVD: CVE-2021-1248

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.1

problemtype:SQL injection (CWE-89) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374302 // JVNDB: JVNDB-2021-002627 // NVD: CVE-2021-1248

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1513

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202101-1513

PATCH

title: cisco-sa-dcnm-sql-inj-OAQOObP
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-sql-inj-OAQOObP

Trust: 0.8

title: Cisco Data Center Network Manager SQL injection vulnerability remediation measures
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139777

Trust: 0.6

title: Cisco: Cisco Data Center Network Manager SQL Injection Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-sql-inj-OAQOObP

Trust: 0.1

title: -
url: https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/

Trust: 0.1

sources: VULMON: CVE-2021-1248 // JVNDB: JVNDB-2021-002627 // CNNVD: CNNVD-202101-1513

EXTERNAL IDS

db: NVD, id: CVE-2021-1248

Trust: 2.6

db: JVNDB, id: JVNDB-2021-002627

Trust: 0.8

db: AUSCERT, id: ESB-2021.0246

Trust: 0.6

db: CNNVD, id: CNNVD-202101-1513

Trust: 0.6

db: VULHUB, id: VHN-374302

Trust: 0.1

db: VULMON, id: CVE-2021-1248

Trust: 0.1

sources: VULHUB: VHN-374302 // VULMON: CVE-2021-1248 // JVNDB: JVNDB-2021-002627 // CNNVD: CNNVD-202101-1513 // NVD: CVE-2021-1248

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-sql-inj-oaqoobp

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1248

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0246/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-sql-injection-via-rest-api-endpoints-34388

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195346

Trust: 0.1

sources: VULHUB: VHN-374302 // VULMON: CVE-2021-1248 // JVNDB: JVNDB-2021-002627 // CNNVD: CNNVD-202101-1513 // NVD: CVE-2021-1248

SOURCES

db: VULHUB, id: VHN-374302
db: VULMON, id: CVE-2021-1248
db: JVNDB, id: JVNDB-2021-002627
db: CNNVD, id: CNNVD-202101-1513
db: NVD, id: CVE-2021-1248

LAST UPDATE DATE

2024-08-14T13:54:17.569000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374302, date: 2021-01-27T00:00:00
db: VULMON, id: CVE-2021-1248, date: 2021-01-27T00:00:00
db: JVNDB, id: JVNDB-2021-002627, date: 2021-09-27T09:06:00
db: CNNVD, id: CNNVD-202101-1513, date: 2021-02-01T00:00:00
db: NVD, id: CVE-2021-1248, date: 2023-11-07T03:27:47.530

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374302, date: 2021-01-20T00:00:00
db: VULMON, id: CVE-2021-1248, date: 2021-01-20T00:00:00
db: JVNDB, id: JVNDB-2021-002627, date: 2021-09-27T00:00:00
db: CNNVD, id: CNNVD-202101-1513, date: 2021-01-20T00:00:00
db: NVD, id: CVE-2021-1248, date: 2021-01-20T21:15:12.257