ID

VAR-202101-1050


CVE

CVE-2021-1269


TITLE

Cisco Data Center Network Manager  Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-002606

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.8

sources: NVD: CVE-2021-1269 // JVNDB: JVNDB-2021-002606 // VULHUB: VHN-374323 // VULMON: CVE-2021-1269

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:ltversion:11.5\(1\)

Trust: 1.0

vendor:シスコシステムズmodel:cisco data center network managerscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002606 // NVD: CVE-2021-1269

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1269
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1269
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1269
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-1552
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374323
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1269
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1269
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374323
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1269
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 2.0

NVD: CVE-2021-1269
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374323 // VULMON: CVE-2021-1269 // JVNDB: JVNDB-2021-002606 // CNNVD: CNNVD-202101-1552 // NVD: CVE-2021-1269 // NVD: CVE-2021-1269

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Bad authentication (CWE-863) [NVD Evaluation ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-374323 // JVNDB: JVNDB-2021-002606 // NVD: CVE-2021-1269

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1552

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-1552

PATCH

title:cisco-sa-dcnm-authbypass-OHBPbxuurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-OHBPbxu

Trust: 0.8

title:Cisco Data Center Network Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139810

Trust: 0.6

title:Cisco: Cisco Data Center Network Manager Authorization Bypass Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-authbypass-OHBPbxu

Trust: 0.1

sources: VULMON: CVE-2021-1269 // JVNDB: JVNDB-2021-002606 // CNNVD: CNNVD-202101-1552

EXTERNAL IDS

db:NVDid:CVE-2021-1269

Trust: 2.6

db:JVNDBid:JVNDB-2021-002606

Trust: 0.8

db:AUSCERTid:ESB-2021.0246

Trust: 0.6

db:CNNVDid:CNNVD-202101-1552

Trust: 0.6

db:VULHUBid:VHN-374323

Trust: 0.1

db:VULMONid:CVE-2021-1269

Trust: 0.1

sources: VULHUB: VHN-374323 // VULMON: CVE-2021-1269 // JVNDB: JVNDB-2021-002606 // CNNVD: CNNVD-202101-1552 // NVD: CVE-2021-1269

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-authbypass-ohbpbxu

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1269

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-privilege-escalation-via-authorization-bypass-34385

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0246/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195330

Trust: 0.1

sources: VULHUB: VHN-374323 // VULMON: CVE-2021-1269 // JVNDB: JVNDB-2021-002606 // CNNVD: CNNVD-202101-1552 // NVD: CVE-2021-1269

SOURCES

db:VULHUBid:VHN-374323
db:VULMONid:CVE-2021-1269
db:JVNDBid:JVNDB-2021-002606
db:CNNVDid:CNNVD-202101-1552
db:NVDid:CVE-2021-1269

LAST UPDATE DATE

2024-08-14T13:54:17.483000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374323date:2021-01-27T00:00:00
db:VULMONid:CVE-2021-1269date:2021-01-27T00:00:00
db:JVNDBid:JVNDB-2021-002606date:2021-09-27T09:05:00
db:CNNVDid:CNNVD-202101-1552date:2021-02-01T00:00:00
db:NVDid:CVE-2021-1269date:2023-11-07T03:27:49.697

SOURCES RELEASE DATE

db:VULHUBid:VHN-374323date:2021-01-20T00:00:00
db:VULMONid:CVE-2021-1269date:2021-01-20T00:00:00
db:JVNDBid:JVNDB-2021-002606date:2021-09-27T00:00:00
db:CNNVDid:CNNVD-202101-1552date:2021-01-20T00:00:00
db:NVDid:CVE-2021-1269date:2021-01-20T20:15:15.657