ID

VAR-202102-0682


CVE

CVE-2021-1412


TITLE

Cisco Identity Services Engine  Inappropriate permission setting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-003809

DESCRIPTION

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.71

sources: NVD: CVE-2021-1412 // JVNDB: JVNDB-2021-003809 // VULHUB: VHN-374466

AFFECTED PRODUCTS

vendor:ciscomodel:identity services enginescope:eqversion:3.0.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.6.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.7.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.3.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.4.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:ltversion:2.3.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco identity services enginescope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco identity services enginescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-003809 // NVD: CVE-2021-1412

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1412
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1412
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1412
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202102-1274
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374466
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1412
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374466
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1412
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-1412
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374466 // JVNDB: JVNDB-2021-003809 // CNNVD: CNNVD-202102-1274 // NVD: CVE-2021-1412 // NVD: CVE-2021-1412

PROBLEMTYPE DATA

problemtype:CWE-266

Trust: 1.1

problemtype:Inappropriate permission settings (CWE-266) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374466 // JVNDB: JVNDB-2021-003809 // NVD: CVE-2021-1412

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1274

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-1274

PATCH

title:cisco-sa-ise-info-exp-8RsuEu8Surl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-8RsuEu8S

Trust: 0.8

title:Cisco Cisco Identity Services Engine Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142433

Trust: 0.6

sources: JVNDB: JVNDB-2021-003809 // CNNVD: CNNVD-202102-1274

EXTERNAL IDS

db:NVDid:CVE-2021-1412

Trust: 2.5

db:JVNDBid:JVNDB-2021-003809

Trust: 0.8

db:AUSCERTid:ESB-2021.0595

Trust: 0.6

db:CNNVDid:CNNVD-202102-1274

Trust: 0.6

db:CNVDid:CNVD-2021-24476

Trust: 0.1

db:VULHUBid:VHN-374466

Trust: 0.1

sources: VULHUB: VHN-374466 // JVNDB: JVNDB-2021-003809 // CNNVD: CNNVD-202102-1274 // NVD: CVE-2021-1412

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-info-exp-8rsueu8s

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1412

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.0595

Trust: 0.6

sources: VULHUB: VHN-374466 // JVNDB: JVNDB-2021-003809 // CNNVD: CNNVD-202102-1274 // NVD: CVE-2021-1412

SOURCES

db:VULHUBid:VHN-374466
db:JVNDBid:JVNDB-2021-003809
db:CNNVDid:CNNVD-202102-1274
db:NVDid:CVE-2021-1412

LAST UPDATE DATE

2024-11-23T22:05:15.337000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374466date:2021-02-24T00:00:00
db:JVNDBid:JVNDB-2021-003809date:2021-11-05T05:06:00
db:CNNVDid:CNNVD-202102-1274date:2021-03-01T00:00:00
db:NVDid:CVE-2021-1412date:2024-11-21T05:44:17.707

SOURCES RELEASE DATE

db:VULHUBid:VHN-374466date:2021-02-17T00:00:00
db:JVNDBid:JVNDB-2021-003809date:2021-11-05T00:00:00
db:CNNVDid:CNNVD-202102-1274date:2021-02-17T00:00:00
db:NVDid:CVE-2021-1412date:2021-02-17T17:15:13.987