Details of VAR-202101-1030

ID

VAR-202101-1030

CVE

CVE-2021-1304

TITLE

Cisco SD-WAN vManage Software Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202101-1532

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco

Trust: 1.08

sources: NVD: CVE-2021-1304 // VULHUB: VHN-374358 // VULMON: CVE-2021-1304

AFFECTED PRODUCTS

vendor:

cisco

model:

catalyst sd-wan manager

scope:

version:

Trust: 1.0

sources: NVD: CVE-2021-1304

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1304
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1304
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202101-1532
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374358
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1304
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1304
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374358
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1304
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1304
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-374358 // VULMON: CVE-2021-1304 // CNNVD: CNNVD-202101-1532 // NVD: CVE-2021-1304 // NVD: CVE-2021-1304

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0

sources: NVD: CVE-2021-1304

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1532

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1532

PATCH

title:	Cisco SD-WAN vManage Software Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139795	Trust: 0.6
title:	Cisco: Cisco SD-WAN vManage Authorization Bypass Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-abyp-TnGFHrS	Trust: 0.1
title:	-	url:	https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/	Trust: 0.1

sources: VULMON: CVE-2021-1304 // CNNVD: CNNVD-202101-1532

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1304	Trust: 1.8
db:	AUSCERT	id:	ESB-2021.0244	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1532	Trust: 0.6
db:	VULHUB	id:	VHN-374358	Trust: 0.1
db:	VULMON	id:	CVE-2021-1304	Trust: 0.1

sources: VULHUB: VHN-374358 // VULMON: CVE-2021-1304 // CNNVD: CNNVD-202101-1532 // NVD: CVE-2021-1304

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-abyp-tngfhrs	Trust: 2.4
url:	https://www.auscert.org.au/bulletins/esb-2021.0244/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1304	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195327	Trust: 0.1

sources: VULHUB: VHN-374358 // VULMON: CVE-2021-1304 // CNNVD: CNNVD-202101-1532 // NVD: CVE-2021-1304

SOURCES

db:	VULHUB	id:	VHN-374358
db:	VULMON	id:	CVE-2021-1304
db:	CNNVD	id:	CNNVD-202101-1532
db:	NVD	id:	CVE-2021-1304

LAST UPDATE DATE

2024-08-14T13:54:17.735000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374358	date:	2021-01-29T00:00:00
db:	VULMON	id:	CVE-2021-1304	date:	2021-01-29T00:00:00
db:	CNNVD	id:	CNNVD-202101-1532	date:	2021-02-01T00:00:00
db:	NVD	id:	CVE-2021-1304	date:	2023-11-07T03:27:55.023

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374358	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1304	date:	2021-01-20T00:00:00
db:	CNNVD	id:	CNNVD-202101-1532	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1304	date:	2021-01-20T20:15:17.127