Details of VAR-202102-0682

ID

VAR-202102-0682

CVE

CVE-2021-1412

TITLE

Cisco Identity Services Engine Inappropriate permission setting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-003809

DESCRIPTION

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.71

sources: NVD: CVE-2021-1412 // JVNDB: JVNDB-2021-003809 // VULHUB: VHN-374466

AFFECTED PRODUCTS

vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.4.0	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	lt	version:	2.3.0	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.7.0	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.6.0	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.3.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco identity services engine	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco identity services engine	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-003809 // NVD: CVE-2021-1412

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1412
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1412
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1412
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202102-1274
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374466
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1412
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374466
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1412
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1412
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374466 // JVNDB: JVNDB-2021-003809 // CNNVD: CNNVD-202102-1274 // NVD: CVE-2021-1412 // NVD: CVE-2021-1412

PROBLEMTYPE DATA

problemtype:	CWE-266	Trust: 1.1
problemtype:	Inappropriate permission settings (CWE-266) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374466 // JVNDB: JVNDB-2021-003809 // NVD: CVE-2021-1412

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1274

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-1274

PATCH

title:	cisco-sa-ise-info-exp-8RsuEu8S	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-8RsuEu8S	Trust: 0.8
title:	Cisco Cisco Identity Services Engine Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142433	Trust: 0.6

sources: JVNDB: JVNDB-2021-003809 // CNNVD: CNNVD-202102-1274

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1412	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-003809	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0595	Trust: 0.6
db:	CNNVD	id:	CNNVD-202102-1274	Trust: 0.6
db:	CNVD	id:	CNVD-2021-24476	Trust: 0.1
db:	VULHUB	id:	VHN-374466	Trust: 0.1

sources: VULHUB: VHN-374466 // JVNDB: JVNDB-2021-003809 // CNNVD: CNNVD-202102-1274 // NVD: CVE-2021-1412

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-info-exp-8rsueu8s	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1412	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.0595	Trust: 0.6

sources: VULHUB: VHN-374466 // JVNDB: JVNDB-2021-003809 // CNNVD: CNNVD-202102-1274 // NVD: CVE-2021-1412

SOURCES

db:	VULHUB	id:	VHN-374466
db:	JVNDB	id:	JVNDB-2021-003809
db:	CNNVD	id:	CNNVD-202102-1274
db:	NVD	id:	CVE-2021-1412

LAST UPDATE DATE

2024-08-14T15:06:56.798000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374466	date:	2021-02-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-003809	date:	2021-11-05T05:06:00
db:	CNNVD	id:	CNNVD-202102-1274	date:	2021-03-01T00:00:00
db:	NVD	id:	CVE-2021-1412	date:	2023-11-07T03:28:14.643

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374466	date:	2021-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-003809	date:	2021-11-05T00:00:00
db:	CNNVD	id:	CNNVD-202102-1274	date:	2021-02-17T00:00:00
db:	NVD	id:	CVE-2021-1412	date:	2021-02-17T17:15:13.987