Details of VAR-202101-1025

ID

VAR-202101-1025

CVE

CVE-2021-1257

TITLE

Cisco DNA Center Cross-site request forgery vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2021-002603

DESCRIPTION

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands. Cisco DNA Center The software contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco DNA Center is a network management and command center service of Cisco (Cisco). Attackers can take advantage of this vulnerability to conduct arbitrary malicious operations

Trust: 1.8

sources: NVD: CVE-2021-1257 // JVNDB: JVNDB-2021-002603 // VULHUB: VHN-374311 // VULMON: CVE-2021-1257

AFFECTED PRODUCTS

vendor:	cisco	model:	dna center	scope:	lt	version:	2.1.1.0	Trust: 1.0
vendor:	mcafee	model:	agent	scope:	lt	version:	5.7.6	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco dna center	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-002603 // NVD: CVE-2021-1257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1257
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1257
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1257
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202101-1613
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374311
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1257
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1257
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374311
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1257
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1257
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	4.2
version:	3.0
Trust: 1.0
NVD:	CVE-2021-1257
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374311 // VULMON: CVE-2021-1257 // JVNDB: JVNDB-2021-002603 // CNNVD: CNNVD-202101-1613 // NVD: CVE-2021-1257 // NVD: CVE-2021-1257

PROBLEMTYPE DATA

problemtype:	CWE-352	Trust: 1.1
problemtype:	Cross-site request forgery (CWE-352) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374311 // JVNDB: JVNDB-2021-002603 // NVD: CVE-2021-1257

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1613

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202101-1613

PATCH

title:	cisco-sa-dnac-csrf-dC83cMcV	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-csrf-dC83cMcV	Trust: 0.8
title:	Cisco DNA Center Software Fixes for cross-site request forgery vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139866	Trust: 0.6
title:	Cisco: Cisco DNA Center Cross-Site Request Forgery Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dnac-csrf-dC83cMcV	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-dna-center-bug-remote-attack/163302/	Trust: 0.1

sources: VULMON: CVE-2021-1257 // JVNDB: JVNDB-2021-002603 // CNNVD: CNNVD-202101-1613

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1257	Trust: 2.6
db:	MCAFEE	id:	SB10382	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-002603	Trust: 0.8
db:	CNNVD	id:	CNNVD-202101-1613	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.1645	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0243	Trust: 0.6
db:	VULHUB	id:	VHN-374311	Trust: 0.1
db:	VULMON	id:	CVE-2021-1257	Trust: 0.1

sources: VULHUB: VHN-374311 // VULMON: CVE-2021-1257 // JVNDB: JVNDB-2021-002603 // CNNVD: CNNVD-202101-1613 // NVD: CVE-2021-1257

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnac-csrf-dc83cmcv	Trust: 2.4
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10382	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1257	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.0243/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1645	Trust: 0.6
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10382	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/352.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195321	Trust: 0.1
url:	https://threatpost.com/cisco-dna-center-bug-remote-attack/163302/	Trust: 0.1

sources: VULHUB: VHN-374311 // VULMON: CVE-2021-1257 // JVNDB: JVNDB-2021-002603 // CNNVD: CNNVD-202101-1613 // NVD: CVE-2021-1257

SOURCES

db:	VULHUB	id:	VHN-374311
db:	VULMON	id:	CVE-2021-1257
db:	JVNDB	id:	JVNDB-2021-002603
db:	CNNVD	id:	CNNVD-202101-1613
db:	NVD	id:	CVE-2021-1257

LAST UPDATE DATE

2024-08-14T13:07:48.065000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374311	date:	2022-07-01T00:00:00
db:	VULMON	id:	CVE-2021-1257	date:	2021-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-002603	date:	2021-09-27T09:05:00
db:	CNNVD	id:	CNNVD-202101-1613	date:	2022-04-15T00:00:00
db:	NVD	id:	CVE-2021-1257	date:	2022-07-01T12:52:26.477

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374311	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1257	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-002603	date:	2021-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202101-1613	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1257	date:	2021-01-20T20:15:14.207