ID

VAR-202104-0895


CVE

CVE-2021-1474


TITLE

Cisco Umbrella Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-427

DESCRIPTION

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Umbrella is a cloud security platform from Cisco. The platform protects against cyber threats such as phishing, malware, and ransomware.

Trust: 1.08

sources: NVD: CVE-2021-1474 // VULHUB: VHN-374528 // VULMON: CVE-2021-1474

AFFECTED PRODUCTS

vendor: cisco, model: umbrella, scope: eq, version: -

Trust: 1.0

sources: NVD: CVE-2021-1474

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1474
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1474
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-427
value: HIGH

Trust: 0.6

VULHUB: VHN-374528
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1474
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1474
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374528
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1474
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 6.0
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1474
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.3
impactScore: 3.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-374528 // VULMON: CVE-2021-1474 // CNNVD: CNNVD-202104-427 // NVD: CVE-2021-1474 // NVD: CVE-2021-1474

PROBLEMTYPE DATA

problemtype:CWE-1236

Trust: 1.0

sources: NVD: CVE-2021-1474

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-427

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202104-427

PATCH

title: Cisco Umbrella Repair measures for injecting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147010

Trust: 0.6

title: Cisco: Cisco Umbrella Link and CSV Formula Injection Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-umbrella-inject-gbZGHP5T

Trust: 0.1

sources: VULMON: CVE-2021-1474 // CNNVD: CNNVD-202104-427

EXTERNAL IDS

db: NVD, id: CVE-2021-1474

Trust: 1.8

db: CNNVD, id: CNNVD-202104-427

Trust: 0.7

db: AUSCERT, id: ESB-2021.1174

Trust: 0.6

db: VULHUB, id: VHN-374528

Trust: 0.1

db: VULMON, id: CVE-2021-1474

Trust: 0.1

sources: VULHUB: VHN-374528 // VULMON: CVE-2021-1474 // CNNVD: CNNVD-202104-427 // NVD: CVE-2021-1474

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-umbrella-inject-gbzghp5t

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1474

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1174

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/1236.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374528 // VULMON: CVE-2021-1474 // CNNVD: CNNVD-202104-427 // NVD: CVE-2021-1474

SOURCES

db: VULHUB, id: VHN-374528
db: VULMON, id: CVE-2021-1474
db: CNNVD, id: CNNVD-202104-427
db: NVD, id: CVE-2021-1474

LAST UPDATE DATE

2024-08-14T13:23:39.398000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374528, date: 2021-04-19T00:00:00
db: VULMON, id: CVE-2021-1474, date: 2021-04-19T00:00:00
db: CNNVD, id: CNNVD-202104-427, date: 2021-04-20T00:00:00
db: NVD, id: CVE-2021-1474, date: 2023-11-07T03:28:23.573

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374528, date: 2021-04-08T00:00:00
db: VULMON, id: CVE-2021-1474, date: 2021-04-08T00:00:00
db: CNNVD, id: CNNVD-202104-427, date: 2021-04-07T00:00:00
db: NVD, id: CVE-2021-1474, date: 2021-04-08T04:15:13.843