ID

VAR-202101-1022


CVE

CVE-2021-1250


TITLE

Cisco Data Center Network Manager Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-002629

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Data Center Network Manager (DCNM) contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.8

sources: NVD: CVE-2021-1250 // JVNDB: JVNDB-2021-002629 // VULHUB: VHN-374304 // VULMON: CVE-2021-1250

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: lt, version: 11.5(1)

Trust: 1.0

vendor: Cisco Systems, model: cisco data center network manager, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002629 // NVD: CVE-2021-1250

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1250
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1250
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1250
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-1511
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374304
value: LOW

Trust: 0.1

VULMON: CVE-2021-1250
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1250
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374304
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1250
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1250
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.3
impactScore: 3.7
version: 3.1

Trust: 1.0

NVD: CVE-2021-1250
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374304 // VULMON: CVE-2021-1250 // JVNDB: JVNDB-2021-002629 // CNNVD: CNNVD-202101-1511 // NVD: CVE-2021-1250 // NVD: CVE-2021-1250

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype:CWE-20

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-374304 // JVNDB: JVNDB-2021-002629 // NVD: CVE-2021-1250

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1511

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202101-1511

PATCH

title: cisco-sa-dcnm-xss-vulns-GuUJ39gh
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-xss-vulns-GuUJ39gh

Trust: 0.8

title: Cisco Data Center Network Manager Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139775

Trust: 0.6

title: Cisco: Cisco Data Center Network Manager Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-xss-vulns-GuUJ39gh

Trust: 0.1

sources: VULMON: CVE-2021-1250 // JVNDB: JVNDB-2021-002629 // CNNVD: CNNVD-202101-1511

EXTERNAL IDS

db: NVD, id: CVE-2021-1250

Trust: 2.6

db: JVNDB, id: JVNDB-2021-002629

Trust: 0.8

db: AUSCERT, id: ESB-2021.0246

Trust: 0.6

db: CNNVD, id: CNNVD-202101-1511

Trust: 0.6

db: VULHUB, id: VHN-374304

Trust: 0.1

db: VULMON, id: CVE-2021-1250

Trust: 0.1

sources: VULHUB: VHN-374304 // VULMON: CVE-2021-1250 // JVNDB: JVNDB-2021-002629 // CNNVD: CNNVD-202101-1511 // NVD: CVE-2021-1250

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-xss-vulns-guuj39gh

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1250

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0246/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-cross-site-scripting-via-network-operator-34390

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195338

Trust: 0.1

sources: VULHUB: VHN-374304 // VULMON: CVE-2021-1250 // JVNDB: JVNDB-2021-002629 // CNNVD: CNNVD-202101-1511 // NVD: CVE-2021-1250

SOURCES

db: VULHUB, id: VHN-374304
db: VULMON, id: CVE-2021-1250
db: JVNDB, id: JVNDB-2021-002629
db: CNNVD, id: CNNVD-202101-1511
db: NVD, id: CVE-2021-1250

LAST UPDATE DATE

2024-08-14T13:54:17.370000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374304, date: 2021-01-27T00:00:00
db: VULMON, id: CVE-2021-1250, date: 2021-01-27T00:00:00
db: JVNDB, id: JVNDB-2021-002629, date: 2021-09-27T09:06:00
db: CNNVD, id: CNNVD-202101-1511, date: 2021-02-01T00:00:00
db: NVD, id: CVE-2021-1250, date: 2023-11-07T03:27:47.920

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374304, date: 2021-01-20T00:00:00
db: VULMON, id: CVE-2021-1250, date: 2021-01-20T00:00:00
db: JVNDB, id: JVNDB-2021-002629, date: 2021-09-27T00:00:00
db: CNNVD, id: CNNVD-202101-1511, date: 2021-01-20T00:00:00
db: NVD, id: CVE-2021-1250, date: 2021-01-20T21:15:12.397