ID

VAR-202101-1051


CVE

CVE-2021-1270


TITLE

Cisco Data Center Network Manager  Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-002607

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.8

sources: NVD: CVE-2021-1270 // JVNDB: JVNDB-2021-002607 // VULHUB: VHN-374324 // VULMON: CVE-2021-1270

AFFECTED PRODUCTS

vendor:ciscomodel:data center network managerscope:ltversion:11.5\(1\)

Trust: 1.0

vendor:シスコシステムズmodel:cisco data center network managerscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002607 // NVD: CVE-2021-1270

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1270
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1270
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1270
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-1551
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374324
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1270
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1270
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374324
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1270
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1270
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-1270
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374324 // VULMON: CVE-2021-1270 // JVNDB: JVNDB-2021-002607 // CNNVD: CNNVD-202101-1551 // NVD: CVE-2021-1270 // NVD: CVE-2021-1270

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

problemtype:Bad authentication (CWE-863) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-374324 // JVNDB: JVNDB-2021-002607 // NVD: CVE-2021-1270

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1551

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-1551

PATCH

title:cisco-sa-dcnm-authbypass-OHBPbxuurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-OHBPbxu

Trust: 0.8

title:Cisco Data Center Network Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139809

Trust: 0.6

title:Cisco: Cisco Data Center Network Manager Authorization Bypass Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-authbypass-OHBPbxu

Trust: 0.1

sources: VULMON: CVE-2021-1270 // JVNDB: JVNDB-2021-002607 // CNNVD: CNNVD-202101-1551

EXTERNAL IDS

db:NVDid:CVE-2021-1270

Trust: 2.6

db:JVNDBid:JVNDB-2021-002607

Trust: 0.8

db:AUSCERTid:ESB-2021.0246

Trust: 0.6

db:CNNVDid:CNNVD-202101-1551

Trust: 0.6

db:VULHUBid:VHN-374324

Trust: 0.1

db:VULMONid:CVE-2021-1270

Trust: 0.1

sources: VULHUB: VHN-374324 // VULMON: CVE-2021-1270 // JVNDB: JVNDB-2021-002607 // CNNVD: CNNVD-202101-1551 // NVD: CVE-2021-1270

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-authbypass-ohbpbxu

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1270

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-data-center-network-manager-privilege-escalation-via-authorization-bypass-34385

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0246/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195326

Trust: 0.1

sources: VULHUB: VHN-374324 // VULMON: CVE-2021-1270 // JVNDB: JVNDB-2021-002607 // CNNVD: CNNVD-202101-1551 // NVD: CVE-2021-1270

SOURCES

db:VULHUBid:VHN-374324
db:VULMONid:CVE-2021-1270
db:JVNDBid:JVNDB-2021-002607
db:CNNVDid:CNNVD-202101-1551
db:NVDid:CVE-2021-1270

LAST UPDATE DATE

2024-11-23T21:51:05.143000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374324date:2021-01-27T00:00:00
db:VULMONid:CVE-2021-1270date:2021-01-27T00:00:00
db:JVNDBid:JVNDB-2021-002607date:2021-09-27T09:05:00
db:CNNVDid:CNNVD-202101-1551date:2021-02-01T00:00:00
db:NVDid:CVE-2021-1270date:2024-11-21T05:43:58.407

SOURCES RELEASE DATE

db:VULHUBid:VHN-374324date:2021-01-20T00:00:00
db:VULMONid:CVE-2021-1270date:2021-01-20T00:00:00
db:JVNDBid:JVNDB-2021-002607date:2021-09-27T00:00:00
db:CNNVDid:CNNVD-202101-1551date:2021-01-20T00:00:00
db:NVDid:CVE-2021-1270date:2021-01-20T20:15:15.737