ID

VAR-202102-0683


CVE

CVE-2021-1416


TITLE

Cisco Identity Services Engine Vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2021-003804

DESCRIPTION

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. Please keep an eye on CNNVD or vendor announcements.

Trust: 1.71

sources: NVD: CVE-2021-1416 // JVNDB: JVNDB-2021-003804 // VULHUB: VHN-374470

AFFECTED PRODUCTS

vendor: cisco // model: identity services engine // scope: eq // version: 2.4.0

Trust: 1.0

vendor: cisco // model: identity services engine // scope: lt // version: 2.3.0

Trust: 1.0

vendor: cisco // model: identity services engine // scope: eq // version: 3.0.0

Trust: 1.0

vendor: cisco // model: identity services engine // scope: eq // version: 2.7.0

Trust: 1.0

vendor: cisco // model: identity services engine // scope: eq // version: 2.6.0

Trust: 1.0

vendor: cisco // model: identity services engine // scope: eq // version: 2.3.0

Trust: 1.0

vendor: シスコシステムズ // model: cisco identity services engine // scope: eq // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-003804 // NVD: CVE-2021-1416

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1416
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1416
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1416
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202102-1299
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374470
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1416
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374470
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1416
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1416
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-1416
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374470 // JVNDB: JVNDB-2021-003804 // CNNVD: CNNVD-202102-1299 // NVD: CVE-2021-1416 // NVD: CVE-2021-1416

PROBLEMTYPE DATA

problemtype:CWE-266

Trust: 1.1

problemtype:CWE-269

Trust: 1.0

problemtype:Improper authority management (CWE-269) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-374470 // JVNDB: JVNDB-2021-003804 // NVD: CVE-2021-1416

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1299

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202102-1299

PATCH

title: cisco-sa-ise-info-exp-8RsuEu8S // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-8RsuEu8S

Trust: 0.8

title: Cisco Cisco Identity Services Engine Repair measures for information disclosure vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142448

Trust: 0.6

sources: JVNDB: JVNDB-2021-003804 // CNNVD: CNNVD-202102-1299

EXTERNAL IDS

db: NVD // id: CVE-2021-1416

Trust: 2.5

db: JVNDB // id: JVNDB-2021-003804

Trust: 0.8

db: CNNVD // id: CNNVD-202102-1299

Trust: 0.7

db: AUSCERT // id: ESB-2021.0595

Trust: 0.6

db: CNVD // id: CNVD-2021-24475

Trust: 0.1

db: VULHUB // id: VHN-374470

Trust: 0.1

sources: VULHUB: VHN-374470 // JVNDB: JVNDB-2021-003804 // CNNVD: CNNVD-202102-1299 // NVD: CVE-2021-1416

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-info-exp-8rsueu8s

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-1416

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0595

Trust: 0.6

sources: VULHUB: VHN-374470 // JVNDB: JVNDB-2021-003804 // CNNVD: CNNVD-202102-1299 // NVD: CVE-2021-1416

SOURCES

db: VULHUB // id: VHN-374470
db: JVNDB // id: JVNDB-2021-003804
db: CNNVD // id: CNNVD-202102-1299
db: NVD // id: CVE-2021-1416

LAST UPDATE DATE

2024-08-14T15:06:56.823000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-374470 // date: 2021-02-23T00:00:00
db: JVNDB // id: JVNDB-2021-003804 // date: 2021-11-04T09:16:00
db: CNNVD // id: CNNVD-202102-1299 // date: 2021-03-01T00:00:00
db: NVD // id: CVE-2021-1416 // date: 2023-11-07T03:28:15.373

SOURCES RELEASE DATE

db: VULHUB // id: VHN-374470 // date: 2021-02-17T00:00:00
db: JVNDB // id: JVNDB-2021-003804 // date: 2021-11-04T00:00:00
db: CNNVD // id: CNNVD-202102-1299 // date: 2021-02-17T00:00:00
db: NVD // id: CVE-2021-1416 // date: 2021-02-17T17:15:14.550