ID

VAR-202101-1038


CVE

CVE-2021-1286


TITLE

Cisco Data Center Network Manager  Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-002614

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Data Center Network Manager (DCNM) Is vulnerable to input validation.Information may be obtained and information may be tampered with. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.8

sources: NVD: CVE-2021-1286 // JVNDB: JVNDB-2021-002614 // VULHUB: VHN-374340 // VULMON: CVE-2021-1286

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:ltversion:11.5\(1\)

Trust: 1.0

vendor:シスコシステムズmodel:cisco data center network managerscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002614 // NVD: CVE-2021-1286

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1286
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1286
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1286
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-1600
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374340
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1286
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1286
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374340
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1286
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1286
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.3
impactScore: 3.7
version: 3.1

Trust: 1.0

NVD: CVE-2021-1286
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374340 // VULMON: CVE-2021-1286 // JVNDB: JVNDB-2021-002614 // CNNVD: CNNVD-202101-1600 // NVD: CVE-2021-1286 // NVD: CVE-2021-1286

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:Incorrect input confirmation (CWE-20) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374340 // JVNDB: JVNDB-2021-002614 // NVD: CVE-2021-1286

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1600

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1600

PATCH

title:cisco-sa-dcnm-xss-vulns-GuUJ39ghurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-xss-vulns-GuUJ39gh

Trust: 0.8

title:Cisco Data Center Network Manager Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139954

Trust: 0.6

title:Cisco: Cisco Data Center Network Manager Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-xss-vulns-GuUJ39gh

Trust: 0.1

sources: VULMON: CVE-2021-1286 // JVNDB: JVNDB-2021-002614 // CNNVD: CNNVD-202101-1600

EXTERNAL IDS

db:NVDid:CVE-2021-1286

Trust: 2.6

db:JVNDBid:JVNDB-2021-002614

Trust: 0.8

db:AUSCERTid:ESB-2021.0246

Trust: 0.6

db:CNNVDid:CNNVD-202101-1600

Trust: 0.6

db:VULHUBid:VHN-374340

Trust: 0.1

db:VULMONid:CVE-2021-1286

Trust: 0.1

sources: VULHUB: VHN-374340 // VULMON: CVE-2021-1286 // JVNDB: JVNDB-2021-002614 // CNNVD: CNNVD-202101-1600 // NVD: CVE-2021-1286

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-xss-vulns-guuj39gh

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1286

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0246/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-cross-site-scripting-via-network-operator-34390

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195337

Trust: 0.1

sources: VULHUB: VHN-374340 // VULMON: CVE-2021-1286 // JVNDB: JVNDB-2021-002614 // CNNVD: CNNVD-202101-1600 // NVD: CVE-2021-1286

SOURCES

db:VULHUBid:VHN-374340
db:VULMONid:CVE-2021-1286
db:JVNDBid:JVNDB-2021-002614
db:CNNVDid:CNNVD-202101-1600
db:NVDid:CVE-2021-1286

LAST UPDATE DATE

2024-08-14T13:54:17.311000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374340date:2021-01-27T00:00:00
db:VULMONid:CVE-2021-1286date:2021-01-27T00:00:00
db:JVNDBid:JVNDB-2021-002614date:2021-09-27T09:06:00
db:CNNVDid:CNNVD-202101-1600date:2021-02-01T00:00:00
db:NVDid:CVE-2021-1286date:2023-11-07T03:27:52.637

SOURCES RELEASE DATE

db:VULHUBid:VHN-374340date:2021-01-20T00:00:00
db:VULMONid:CVE-2021-1286date:2021-01-20T00:00:00
db:JVNDBid:JVNDB-2021-002614date:2021-09-27T00:00:00
db:CNNVDid:CNNVD-202101-1600date:2021-01-20T00:00:00
db:NVDid:CVE-2021-1286date:2021-01-20T20:15:16.563