ID

VAR-202101-1061


CVE

CVE-2021-1349


TITLE

Cisco SD-WAN vManage software vulnerability in improper neutralization of special elements of data query logic

Trust: 0.8

sources: JVNDB: JVNDB-2021-002621

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information. Cisco SD-WAN vManage software contains a vulnerability related to improper neutralization of special elements of data query logic. Information may be obtained. Cisco SD-WAN vManage Software is management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco.

Trust: 1.8

sources: NVD: CVE-2021-1349 // JVNDB: JVNDB-2021-002621 // VULHUB: VHN-374403 // VULMON: CVE-2021-1349

AFFECTED PRODUCTS

vendor: cisco, model: sd-wan vmanage, scope: lt, version: 20.3.2

Trust: 1.0

vendor: シスコシステムズ, model: cisco sd-wan vmanage, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002621 // NVD: CVE-2021-1349

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-1349
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1349
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1349
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-1530
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374403
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1349
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-1349
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374403
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-1349
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-1349
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374403 // VULMON: CVE-2021-1349 // JVNDB: JVNDB-2021-002621 // CNNVD: CNNVD-202101-1530 // NVD: CVE-2021-1349 // NVD: CVE-2021-1349

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-943

Trust: 1.0

problemtype:Inappropriate neutralization of special elements of data query logic (CWE-943) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-002621 // NVD: CVE-2021-1349

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1530

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-1530

PATCH

title: cisco-sa-vmanage-cql-inject-72EhnUc, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-72EhnUc

Trust: 0.8

title: Cisco SD-WAN vManage Software Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139793

Trust: 0.6

title: Cisco: Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vmanage-cql-inject-72EhnUc

Trust: 0.1

sources: VULMON: CVE-2021-1349 // JVNDB: JVNDB-2021-002621 // CNNVD: CNNVD-202101-1530

EXTERNAL IDS

db: NVD, id: CVE-2021-1349

Trust: 2.6

db: JVNDB, id: JVNDB-2021-002621

Trust: 0.8

db: AUSCERT, id: ESB-2021.0244

Trust: 0.6

db: CNNVD, id: CNNVD-202101-1530

Trust: 0.6

db: VULHUB, id: VHN-374403

Trust: 0.1

db: VULMON, id: CVE-2021-1349

Trust: 0.1

sources: VULHUB: VHN-374403 // VULMON: CVE-2021-1349 // JVNDB: JVNDB-2021-002621 // CNNVD: CNNVD-202101-1530 // NVD: CVE-2021-1349

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanage-cql-inject-72ehnuc

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1349

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0244/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/943.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195333

Trust: 0.1

sources: VULHUB: VHN-374403 // VULMON: CVE-2021-1349 // JVNDB: JVNDB-2021-002621 // CNNVD: CNNVD-202101-1530 // NVD: CVE-2021-1349

SOURCES

db: VULHUB, id: VHN-374403
db: VULMON, id: CVE-2021-1349
db: JVNDB, id: JVNDB-2021-002621
db: CNNVD, id: CNNVD-202101-1530
db: NVD, id: CVE-2021-1349

LAST UPDATE DATE

2024-11-23T21:51:04.921000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374403, date: 2022-09-20T00:00:00
db: VULMON, id: CVE-2021-1349, date: 2021-01-27T00:00:00
db: JVNDB, id: JVNDB-2021-002621, date: 2021-09-27T09:06:00
db: CNNVD, id: CNNVD-202101-1530, date: 2022-09-21T00:00:00
db: NVD, id: CVE-2021-1349, date: 2024-11-21T05:44:09.207

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374403, date: 2021-01-20T00:00:00
db: VULMON, id: CVE-2021-1349, date: 2021-01-20T00:00:00
db: JVNDB, id: JVNDB-2021-002621, date: 2021-09-27T00:00:00
db: CNNVD, id: CNNVD-202101-1530, date: 2021-01-20T00:00:00
db: NVD, id: CVE-2021-1349, date: 2021-01-20T20:15:17.377