Details of VAR-202101-1031

ID

VAR-202101-1031

CVE

CVE-2021-1305

TITLE

Cisco SD-WAN vManage Software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-002788

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. Cisco SD-WAN vManage There are unspecified vulnerabilities in the software.Information may be obtained. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco

Trust: 1.8

sources: NVD: CVE-2021-1305 // JVNDB: JVNDB-2021-002788 // VULHUB: VHN-374359 // VULMON: CVE-2021-1305

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan vsmart controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.3.2	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	20.4.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe sd-wan	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vbond orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vsmart controller	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-002788 // NVD: CVE-2021-1305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1305
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1305
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1305
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-1533
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374359
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1305
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1305
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374359
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1305
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1305
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1305
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374359 // VULMON: CVE-2021-1305 // JVNDB: JVNDB-2021-002788 // CNNVD: CNNVD-202101-1533 // NVD: CVE-2021-1305 // NVD: CVE-2021-1305

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.1
problemtype:	CWE-20	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374359 // JVNDB: JVNDB-2021-002788 // NVD: CVE-2021-1305

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1533

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1533

PATCH

title:	cisco-sa-sdwan-abyp-TnGFHrS	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-abyp-TnGFHrS	Trust: 0.8
title:	Cisco SD-WAN vManage Software Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139925	Trust: 0.6
title:	Cisco: Cisco SD-WAN vManage Authorization Bypass Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-abyp-TnGFHrS	Trust: 0.1
title:	-	url:	https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/	Trust: 0.1

sources: VULMON: CVE-2021-1305 // JVNDB: JVNDB-2021-002788 // CNNVD: CNNVD-202101-1533

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1305	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-002788	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0244	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1533	Trust: 0.6
db:	VULHUB	id:	VHN-374359	Trust: 0.1
db:	VULMON	id:	CVE-2021-1305	Trust: 0.1

sources: VULHUB: VHN-374359 // VULMON: CVE-2021-1305 // JVNDB: JVNDB-2021-002788 // CNNVD: CNNVD-202101-1533 // NVD: CVE-2021-1305

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-abyp-tngfhrs	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1305	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.0244/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195328	Trust: 0.1

sources: VULHUB: VHN-374359 // VULMON: CVE-2021-1305 // JVNDB: JVNDB-2021-002788 // CNNVD: CNNVD-202101-1533 // NVD: CVE-2021-1305

SOURCES

db:	VULHUB	id:	VHN-374359
db:	VULMON	id:	CVE-2021-1305
db:	JVNDB	id:	JVNDB-2021-002788
db:	CNNVD	id:	CNNVD-202101-1533
db:	NVD	id:	CVE-2021-1305

LAST UPDATE DATE

2024-11-23T21:51:04.893000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374359	date:	2022-09-20T00:00:00
db:	VULMON	id:	CVE-2021-1305	date:	2021-01-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-002788	date:	2021-10-01T08:56:00
db:	CNNVD	id:	CNNVD-202101-1533	date:	2022-09-21T00:00:00
db:	NVD	id:	CVE-2021-1305	date:	2024-11-21T05:44:03.123

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374359	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1305	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-002788	date:	2021-10-01T00:00:00
db:	CNNVD	id:	CNNVD-202101-1533	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1305	date:	2021-01-20T20:15:17.207