ID

VAR-202101-1037


CVE

CVE-2021-1283


TITLE

Cisco Data Center Network Manager  Excessive size value memory allocation vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-002816

DESCRIPTION

A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is written to system log files. An attacker could exploit this vulnerability by authenticating to an affected device and inspecting a specific system log file. A successful exploit could allow the attacker to view sensitive information in the system log file. To exploit this vulnerability, the attacker would need to have valid user credentials. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.8

sources: NVD: CVE-2021-1283 // JVNDB: JVNDB-2021-002816 // VULHUB: VHN-374337 // VULMON: CVE-2021-1283

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:ltversion:11.5\(1\)

Trust: 1.0

vendor:シスコシステムズmodel:cisco data center network managerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco data center network managerscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002816 // NVD: CVE-2021-1283

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1283
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1283
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1283
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-1598
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374337
value: LOW

Trust: 0.1

VULMON: CVE-2021-1283
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1283
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374337
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1283
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-1283
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374337 // VULMON: CVE-2021-1283 // JVNDB: JVNDB-2021-002816 // CNNVD: CNNVD-202101-1598 // NVD: CVE-2021-1283 // NVD: CVE-2021-1283

PROBLEMTYPE DATA

problemtype:CWE-789

Trust: 1.1

problemtype:Excessive size value memory allocation (CWE-789) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374337 // JVNDB: JVNDB-2021-002816 // NVD: CVE-2021-1283

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1598

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202101-1598

PATCH

title:cisco-sa-dcnm-info-disc-QCSJB6YGurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-info-disc-QCSJB6YG

Trust: 0.8

title:Cisco Data Center Network Manager Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139851

Trust: 0.6

title:Cisco: Cisco Data Center Network Manager Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-info-disc-QCSJB6YG

Trust: 0.1

sources: VULMON: CVE-2021-1283 // JVNDB: JVNDB-2021-002816 // CNNVD: CNNVD-202101-1598

EXTERNAL IDS

db:NVDid:CVE-2021-1283

Trust: 2.6

db:JVNDBid:JVNDB-2021-002816

Trust: 0.8

db:CNNVDid:CNNVD-202101-1598

Trust: 0.7

db:AUSCERTid:ESB-2021.0246

Trust: 0.6

db:VULHUBid:VHN-374337

Trust: 0.1

db:VULMONid:CVE-2021-1283

Trust: 0.1

sources: VULHUB: VHN-374337 // VULMON: CVE-2021-1283 // JVNDB: JVNDB-2021-002816 // CNNVD: CNNVD-202101-1598 // NVD: CVE-2021-1283

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-info-disc-qcsjb6yg

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1283

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0246/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-information-disclosure-via-logging-subsystem-34387

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/789.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195316

Trust: 0.1

sources: VULHUB: VHN-374337 // VULMON: CVE-2021-1283 // JVNDB: JVNDB-2021-002816 // CNNVD: CNNVD-202101-1598 // NVD: CVE-2021-1283

SOURCES

db:VULHUBid:VHN-374337
db:VULMONid:CVE-2021-1283
db:JVNDBid:JVNDB-2021-002816
db:CNNVDid:CNNVD-202101-1598
db:NVDid:CVE-2021-1283

LAST UPDATE DATE

2024-08-14T13:54:17.656000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374337date:2021-01-26T00:00:00
db:VULMONid:CVE-2021-1283date:2021-01-26T00:00:00
db:JVNDBid:JVNDB-2021-002816date:2021-10-05T08:22:00
db:CNNVDid:CNNVD-202101-1598date:2021-02-01T00:00:00
db:NVDid:CVE-2021-1283date:2023-11-07T03:27:52.227

SOURCES RELEASE DATE

db:VULHUBid:VHN-374337date:2021-01-20T00:00:00
db:VULMONid:CVE-2021-1283date:2021-01-20T00:00:00
db:JVNDBid:JVNDB-2021-002816date:2021-10-05T00:00:00
db:CNNVDid:CNNVD-202101-1598date:2021-01-20T00:00:00
db:NVDid:CVE-2021-1283date:2021-01-20T20:15:16.503