Details of VAR-202101-1037

ID

VAR-202101-1037

CVE

CVE-2021-1283

TITLE

Cisco Data Center Network Manager Excessive size value memory allocation vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-002816

DESCRIPTION

A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is written to system log files. An attacker could exploit this vulnerability by authenticating to an affected device and inspecting a specific system log file. A successful exploit could allow the attacker to view sensitive information in the system log file. To exploit this vulnerability, the attacker would need to have valid user credentials. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.8

sources: NVD: CVE-2021-1283 // JVNDB: JVNDB-2021-002816 // VULHUB: VHN-374337 // VULMON: CVE-2021-1283

AFFECTED PRODUCTS

vendor:	cisco	model:	data center network manager	scope:	lt	version:	11.5\(1\)	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco data center network manager	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco data center network manager	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-002816 // NVD: CVE-2021-1283

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1283
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1283
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1283
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-1598
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374337
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-1283
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1283
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374337
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1283
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1283
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374337 // VULMON: CVE-2021-1283 // JVNDB: JVNDB-2021-002816 // CNNVD: CNNVD-202101-1598 // NVD: CVE-2021-1283 // NVD: CVE-2021-1283

PROBLEMTYPE DATA

problemtype:	CWE-789	Trust: 1.1
problemtype:	Excessive size value memory allocation (CWE-789) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374337 // JVNDB: JVNDB-2021-002816 // NVD: CVE-2021-1283

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1598

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202101-1598

PATCH

title:	cisco-sa-dcnm-info-disc-QCSJB6YG	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-info-disc-QCSJB6YG	Trust: 0.8
title:	Cisco Data Center Network Manager Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139851	Trust: 0.6
title:	Cisco: Cisco Data Center Network Manager Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-info-disc-QCSJB6YG	Trust: 0.1

sources: VULMON: CVE-2021-1283 // JVNDB: JVNDB-2021-002816 // CNNVD: CNNVD-202101-1598

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1283	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-002816	Trust: 0.8
db:	CNNVD	id:	CNNVD-202101-1598	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0246	Trust: 0.6
db:	VULHUB	id:	VHN-374337	Trust: 0.1
db:	VULMON	id:	CVE-2021-1283	Trust: 0.1

sources: VULHUB: VHN-374337 // VULMON: CVE-2021-1283 // JVNDB: JVNDB-2021-002816 // CNNVD: CNNVD-202101-1598 // NVD: CVE-2021-1283

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-info-disc-qcsjb6yg	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1283	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.0246/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-data-center-network-manager-information-disclosure-via-logging-subsystem-34387	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/789.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195316	Trust: 0.1

sources: VULHUB: VHN-374337 // VULMON: CVE-2021-1283 // JVNDB: JVNDB-2021-002816 // CNNVD: CNNVD-202101-1598 // NVD: CVE-2021-1283

SOURCES

db:	VULHUB	id:	VHN-374337
db:	VULMON	id:	CVE-2021-1283
db:	JVNDB	id:	JVNDB-2021-002816
db:	CNNVD	id:	CNNVD-202101-1598
db:	NVD	id:	CVE-2021-1283

LAST UPDATE DATE

2024-08-14T13:54:17.656000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374337	date:	2021-01-26T00:00:00
db:	VULMON	id:	CVE-2021-1283	date:	2021-01-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-002816	date:	2021-10-05T08:22:00
db:	CNNVD	id:	CNNVD-202101-1598	date:	2021-02-01T00:00:00
db:	NVD	id:	CVE-2021-1283	date:	2023-11-07T03:27:52.227

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374337	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1283	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-002816	date:	2021-10-05T00:00:00
db:	CNNVD	id:	CNNVD-202101-1598	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1283	date:	2021-01-20T20:15:16.503