ID

VAR-202101-1024


CVE

CVE-2021-1255


TITLE

Incomplete blacklist vulnerability in Cisco Data Center Network Manager

Trust: 0.8

sources: JVNDB: JVNDB-2021-002602

DESCRIPTION

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory. An incomplete blacklist vulnerability exists in Cisco Data Center Network Manager (DCNM). Information may be obtained and information may be tampered with. Cisco DNA Center software is a software product of Cisco. An access control error vulnerability exists in Cisco DNA Center software.

Trust: 1.8

sources: NVD: CVE-2021-1255 // JVNDB: JVNDB-2021-002602 // VULHUB: VHN-374309 // VULMON: CVE-2021-1255

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: lt, version: 11.4(1)

Trust: 1.0

vendor: Cisco Systems, model: cisco data center network manager, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002602 // NVD: CVE-2021-1255

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1255
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1255
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1255
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-1595
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374309
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1255
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1255
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374309
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1255
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1255
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-1255
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374309 // VULMON: CVE-2021-1255 // JVNDB: JVNDB-2021-002602 // CNNVD: CNNVD-202101-1595 // NVD: CVE-2021-1255 // NVD: CVE-2021-1255

PROBLEMTYPE DATA

problemtype:CWE-184

Trust: 1.1

problemtype:Incomplete blacklist (CWE-184) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374309 // JVNDB: JVNDB-2021-002602 // NVD: CVE-2021-1255

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1595

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1595

PATCH

title: cisco-sa-dcnm-api-path-TpTApx2p
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-api-path-TpTApx2p

Trust: 0.8

title: Cisco Data Center Network Manager Fixes for access control error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139848

Trust: 0.6

title: Cisco: Cisco Data Center Network Manager REST API Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-api-path-TpTApx2p

Trust: 0.1

sources: VULMON: CVE-2021-1255 // JVNDB: JVNDB-2021-002602 // CNNVD: CNNVD-202101-1595

EXTERNAL IDS

db: NVD, id: CVE-2021-1255

Trust: 2.6

db: JVNDB, id: JVNDB-2021-002602

Trust: 0.8

db: CNNVD, id: CNNVD-202101-1595

Trust: 0.7

db: AUSCERT, id: ESB-2021.0246

Trust: 0.6

db: VULHUB, id: VHN-374309

Trust: 0.1

db: VULMON, id: CVE-2021-1255

Trust: 0.1

sources: VULHUB: VHN-374309 // VULMON: CVE-2021-1255 // JVNDB: JVNDB-2021-002602 // CNNVD: CNNVD-202101-1595 // NVD: CVE-2021-1255

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-api-path-tptapx2p

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1255

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0246/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-three-vulnerabilities-via-rest-api-34384

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/184.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195352

Trust: 0.1

sources: VULHUB: VHN-374309 // VULMON: CVE-2021-1255 // JVNDB: JVNDB-2021-002602 // CNNVD: CNNVD-202101-1595 // NVD: CVE-2021-1255

SOURCES

db: VULHUB, id: VHN-374309
db: VULMON, id: CVE-2021-1255
db: JVNDB, id: JVNDB-2021-002602
db: CNNVD, id: CNNVD-202101-1595
db: NVD, id: CVE-2021-1255

LAST UPDATE DATE

2024-08-14T13:54:17.598000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374309, date: 2021-01-27T00:00:00
db: VULMON, id: CVE-2021-1255, date: 2021-01-27T00:00:00
db: JVNDB, id: JVNDB-2021-002602, date: 2021-09-27T09:05:00
db: CNNVD, id: CNNVD-202101-1595, date: 2021-02-01T00:00:00
db: NVD, id: CVE-2021-1255, date: 2023-11-07T03:27:48.617

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374309, date: 2021-01-20T00:00:00
db: VULMON, id: CVE-2021-1255, date: 2021-01-20T00:00:00
db: JVNDB, id: JVNDB-2021-002602, date: 2021-09-27T00:00:00
db: CNNVD, id: CNNVD-202101-1595, date: 2021-01-20T00:00:00
db: NVD, id: CVE-2021-1255, date: 2021-01-20T20:15:13.987