ID

VAR-202101-1056


CVE

CVE-2021-1276


TITLE

Cisco Data Center Network Manager Vulnerability in Certificate Verification

Trust: 0.8

sources: JVNDB: JVNDB-2021-002818

DESCRIPTION

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Data Center Network Manager (DCNM) contains a certificate validation vulnerability. Information may be obtained and information may be tampered with. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.8

sources: NVD: CVE-2021-1276 // JVNDB: JVNDB-2021-002818 // VULHUB: VHN-374330 // VULMON: CVE-2021-1276

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: lt, version: 11.5(1)

Trust: 1.0

vendor: シスコシステムズ, model: cisco data center network manager, scope: -, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco data center network manager, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002818 // NVD: CVE-2021-1276

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1276
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1276
value: HIGH

Trust: 1.0

NVD: CVE-2021-1276
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-1546
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374330
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1276
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1276
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374330
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1276
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 4.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1276
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-1276
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374330 // VULMON: CVE-2021-1276 // JVNDB: JVNDB-2021-002818 // CNNVD: CNNVD-202101-1546 // NVD: CVE-2021-1276 // NVD: CVE-2021-1276

PROBLEMTYPE DATA

problemtype: CWE-295

Trust: 1.1

problemtype: Bad certificate verification (CWE-295) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374330 // JVNDB: JVNDB-2021-002818 // NVD: CVE-2021-1276

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1546

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202101-1546

PATCH

title: cisco-sa-dcnm-cert-check-BdZZV9T3, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-cert-check-BdZZV9T3

Trust: 0.8

title: Cisco Data Center Network Manager Repair measures for trust management problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139928

Trust: 0.6

title: Cisco: Cisco Data Center Network Manager Certificate Validation Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-cert-check-BdZZV9T3

Trust: 0.1

sources: VULMON: CVE-2021-1276 // JVNDB: JVNDB-2021-002818 // CNNVD: CNNVD-202101-1546

EXTERNAL IDS

db: NVD, id: CVE-2021-1276

Trust: 2.6

db: JVNDB, id: JVNDB-2021-002818

Trust: 0.8

db: AUSCERT, id: ESB-2021.0246

Trust: 0.6

db: CNNVD, id: CNNVD-202101-1546

Trust: 0.6

db: VULHUB, id: VHN-374330

Trust: 0.1

db: VULMON, id: CVE-2021-1276

Trust: 0.1

sources: VULHUB: VHN-374330 // VULMON: CVE-2021-1276 // JVNDB: JVNDB-2021-002818 // CNNVD: CNNVD-202101-1546 // NVD: CVE-2021-1276

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-cert-check-bdzzv9t3

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2021-1276

Trust: 1.4

url: https://www.auscert.org.au/bulletins/esb-2021.0246/

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-data-center-network-manager-man-in-the-middle-via-certificate-validation-34386

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/295.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374330 // VULMON: CVE-2021-1276 // JVNDB: JVNDB-2021-002818 // CNNVD: CNNVD-202101-1546 // NVD: CVE-2021-1276

SOURCES

db: VULHUB, id: VHN-374330
db: VULMON, id: CVE-2021-1276
db: JVNDB, id: JVNDB-2021-002818
db: CNNVD, id: CNNVD-202101-1546
db: NVD, id: CVE-2021-1276

LAST UPDATE DATE

2024-08-14T13:54:17.627000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374330, date: 2021-01-26T00:00:00
db: VULMON, id: CVE-2021-1276, date: 2021-01-26T00:00:00
db: JVNDB, id: JVNDB-2021-002818, date: 2021-10-05T08:46:00
db: CNNVD, id: CNNVD-202101-1546, date: 2021-02-01T00:00:00
db: NVD, id: CVE-2021-1276, date: 2023-11-07T03:27:50.977

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374330, date: 2021-01-20T00:00:00
db: VULMON, id: CVE-2021-1276, date: 2021-01-20T00:00:00
db: JVNDB, id: JVNDB-2021-002818, date: 2021-10-05T00:00:00
db: CNNVD, id: CNNVD-202101-1546, date: 2021-01-20T00:00:00
db: NVD, id: CVE-2021-1276, date: 2021-01-20T20:15:16.050