Details of VAR-202101-1057

ID

VAR-202101-1057

CVE

CVE-2021-1277

TITLE

Cisco Data Center Network Manager Vulnerability in Certificate Verification

Trust: 0.8

sources: JVNDB: JVNDB-2021-002817

DESCRIPTION

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Data Center Network Manager (DCNM) Contains a certificate validation vulnerability.Information may be obtained and information may be tampered with. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions

Trust: 1.8

sources: NVD: CVE-2021-1277 // JVNDB: JVNDB-2021-002817 // VULHUB: VHN-374331 // VULMON: CVE-2021-1277

AFFECTED PRODUCTS

vendor:	cisco	model:	data center network manager	scope:	lt	version:	11.5\(1\)	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco data center network manager	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco data center network manager	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-002817 // NVD: CVE-2021-1277

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1277
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1277
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1277
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-1545
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374331
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1277
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1277
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374331
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1277
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	4.2
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1277
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1277
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374331 // VULMON: CVE-2021-1277 // JVNDB: JVNDB-2021-002817 // CNNVD: CNNVD-202101-1545 // NVD: CVE-2021-1277 // NVD: CVE-2021-1277

PROBLEMTYPE DATA

problemtype:	CWE-295	Trust: 1.1
problemtype:	Bad certificate verification (CWE-295) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374331 // JVNDB: JVNDB-2021-002817 // NVD: CVE-2021-1277

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1545

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202101-1545

PATCH

title:	cisco-sa-dcnm-cert-check-BdZZV9T3	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-cert-check-BdZZV9T3	Trust: 0.8
title:	Cisco Data Center Network Manager Repair measures for trust management problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139803	Trust: 0.6
title:	Cisco: Cisco Data Center Network Manager Certificate Validation Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dcnm-cert-check-BdZZV9T3	Trust: 0.1

sources: VULMON: CVE-2021-1277 // JVNDB: JVNDB-2021-002817 // CNNVD: CNNVD-202101-1545

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1277	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-002817	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0246	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1545	Trust: 0.6
db:	VULHUB	id:	VHN-374331	Trust: 0.1
db:	VULMON	id:	CVE-2021-1277	Trust: 0.1

sources: VULHUB: VHN-374331 // VULMON: CVE-2021-1277 // JVNDB: JVNDB-2021-002817 // CNNVD: CNNVD-202101-1545 // NVD: CVE-2021-1277

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dcnm-cert-check-bdzzv9t3	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1277	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.0246/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-data-center-network-manager-man-in-the-middle-via-certificate-validation-34386	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/295.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374331 // VULMON: CVE-2021-1277 // JVNDB: JVNDB-2021-002817 // CNNVD: CNNVD-202101-1545 // NVD: CVE-2021-1277

SOURCES

db:	VULHUB	id:	VHN-374331
db:	VULMON	id:	CVE-2021-1277
db:	JVNDB	id:	JVNDB-2021-002817
db:	CNNVD	id:	CNNVD-202101-1545
db:	NVD	id:	CVE-2021-1277

LAST UPDATE DATE

2024-08-14T13:54:17.540000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374331	date:	2021-01-26T00:00:00
db:	VULMON	id:	CVE-2021-1277	date:	2021-01-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-002817	date:	2021-10-05T08:43:00
db:	CNNVD	id:	CNNVD-202101-1545	date:	2021-02-01T00:00:00
db:	NVD	id:	CVE-2021-1277	date:	2023-11-07T03:27:51.137

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374331	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1277	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-002817	date:	2021-10-05T00:00:00
db:	CNNVD	id:	CNNVD-202101-1545	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1277	date:	2021-01-20T20:15:16.110