ID

VAR-202102-0470


CVE

CVE-2021-1128


TITLE

Vulnerability in Cisco IOS XR Software regarding insertion of important information into transmitted data

Trust: 0.8

sources: JVNDB: JVNDB-2021-003114

DESCRIPTION

A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user. Cisco IOS XR is an operating system developed by Cisco for its network equipment.

Trust: 1.8

sources: NVD: CVE-2021-1128 // JVNDB: JVNDB-2021-003114 // VULHUB: VHN-374182 // VULMON: CVE-2021-1128

AFFECTED PRODUCTS

vendor: cisco, model: ios xr, scope: eq, version: 7.2.0

Trust: 1.0

vendor: cisco, model: ios xr, scope: lt, version: 7.1.2

Trust: 1.0

vendor: cisco, model: ios xr, scope: eq, version: 7.3.0

Trust: 1.0

vendor: Cisco Systems, model: cisco ios xr, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco ios xr, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-003114 // NVD: CVE-2021-1128

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1128
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1128
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1128
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202102-235
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374182
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1128
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374182
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1128
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-1128
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374182 // JVNDB: JVNDB-2021-003114 // CNNVD: CNNVD-202102-235 // NVD: CVE-2021-1128 // NVD: CVE-2021-1128

PROBLEMTYPE DATA

problemtype:CWE-201

Trust: 1.1

problemtype:Inserting important information into outgoing data (CWE-201) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374182 // JVNDB: JVNDB-2021-003114 // NVD: CVE-2021-1128

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-235

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202102-235

PATCH

title: cisco-sa-ios-infodisc-4mtm9Gyt
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-infodisc-4mtm9Gyt

Trust: 0.8

title: Cisco IOS and Cisco IOS XR Fixes for permissions and access control issues vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140725

Trust: 0.6

title: Cisco: Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ios-infodisc-4mtm9Gyt

Trust: 0.1

sources: VULMON: CVE-2021-1128 // JVNDB: JVNDB-2021-003114 // CNNVD: CNNVD-202102-235

EXTERNAL IDS

db: NVD, id: CVE-2021-1128

Trust: 2.6

db: JVNDB, id: JVNDB-2021-003114

Trust: 0.8

db: CNNVD, id: CNNVD-202102-235

Trust: 0.6

db: VULHUB, id: VHN-374182

Trust: 0.1

db: VULMON, id: CVE-2021-1128

Trust: 0.1

sources: VULHUB: VHN-374182 // VULMON: CVE-2021-1128 // JVNDB: JVNDB-2021-003114 // CNNVD: CNNVD-202102-235 // NVD: CVE-2021-1128

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ios-infodisc-4mtm9gyt

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-1128

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-ios-xr-information-disclosure-via-cli-parser-34473

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/201.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/196133

Trust: 0.1

sources: VULHUB: VHN-374182 // VULMON: CVE-2021-1128 // JVNDB: JVNDB-2021-003114 // CNNVD: CNNVD-202102-235 // NVD: CVE-2021-1128

SOURCES

db: VULHUB, id: VHN-374182
db: VULMON, id: CVE-2021-1128
db: JVNDB, id: JVNDB-2021-003114
db: CNNVD, id: CNNVD-202102-235
db: NVD, id: CVE-2021-1128

LAST UPDATE DATE

2024-08-14T15:33:15.988000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374182, date: 2021-02-08T00:00:00
db: VULMON, id: CVE-2021-1128, date: 2021-02-08T00:00:00
db: JVNDB, id: JVNDB-2021-003114, date: 2021-10-18T08:04:00
db: CNNVD, id: CNNVD-202102-235, date: 2021-02-09T00:00:00
db: NVD, id: CVE-2021-1128, date: 2023-11-07T03:27:27.603

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374182, date: 2021-02-04T00:00:00
db: VULMON, id: CVE-2021-1128, date: 2021-02-04T00:00:00
db: JVNDB, id: JVNDB-2021-003114, date: 2021-10-18T00:00:00
db: CNNVD, id: CNNVD-202102-235, date: 2021-02-03T00:00:00
db: NVD, id: CVE-2021-1128, date: 2021-02-04T17:15:14.310