ID

VAR-202104-0896


CVE

CVE-2021-1475


TITLE

Cisco Umbrella Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-428

DESCRIPTION

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Umbrella is a cloud security platform of Cisco (Cisco). The platform protects against cyber threats such as phishing, malware, and ransomware

Trust: 1.08

sources: NVD: CVE-2021-1475 // VULHUB: VHN-374529 // VULMON: CVE-2021-1475

AFFECTED PRODUCTS

vendor:ciscomodel:umbrellascope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2021-1475

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1475
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1475
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-428
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374529
value: LOW

Trust: 0.1

VULMON: CVE-2021-1475
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1475
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374529
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1475
baseSeverity: MEDIUM
baseScore: 4.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1475
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.3
impactScore: 3.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-374529 // VULMON: CVE-2021-1475 // CNNVD: CNNVD-202104-428 // NVD: CVE-2021-1475 // NVD: CVE-2021-1475

PROBLEMTYPE DATA

problemtype:CWE-1236

Trust: 1.0

sources: NVD: CVE-2021-1475

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-428

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202104-428

PATCH

title:Cisco Umbrella Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147011

Trust: 0.6

title:Cisco: Cisco Umbrella Link and CSV Formula Injection Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-umbrella-inject-gbZGHP5T

Trust: 0.1

sources: VULMON: CVE-2021-1475 // CNNVD: CNNVD-202104-428

EXTERNAL IDS

db:NVDid:CVE-2021-1475

Trust: 1.8

db:AUSCERTid:ESB-2021.1174

Trust: 0.6

db:CNNVDid:CNNVD-202104-428

Trust: 0.6

db:VULHUBid:VHN-374529

Trust: 0.1

db:VULMONid:CVE-2021-1475

Trust: 0.1

sources: VULHUB: VHN-374529 // VULMON: CVE-2021-1475 // CNNVD: CNNVD-202104-428 // NVD: CVE-2021-1475

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-umbrella-inject-gbzghp5t

Trust: 1.9

url:https://www.auscert.org.au/bulletins/esb-2021.1174

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1475

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/1236.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374529 // VULMON: CVE-2021-1475 // CNNVD: CNNVD-202104-428 // NVD: CVE-2021-1475

SOURCES

db:VULHUBid:VHN-374529
db:VULMONid:CVE-2021-1475
db:CNNVDid:CNNVD-202104-428
db:NVDid:CVE-2021-1475

LAST UPDATE DATE

2024-08-14T13:23:39.375000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374529date:2021-04-20T00:00:00
db:VULMONid:CVE-2021-1475date:2021-04-20T00:00:00
db:CNNVDid:CNNVD-202104-428date:2021-04-22T00:00:00
db:NVDid:CVE-2021-1475date:2023-11-07T03:28:23.750

SOURCES RELEASE DATE

db:VULHUBid:VHN-374529date:2021-04-08T00:00:00
db:VULMONid:CVE-2021-1475date:2021-04-08T00:00:00
db:CNNVDid:CNNVD-202104-428date:2021-04-07T00:00:00
db:NVDid:CVE-2021-1475date:2021-04-08T04:15:13.967