Details of VAR-202104-0896

ID

VAR-202104-0896

CVE

CVE-2021-1475

TITLE

Cisco Umbrella Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-428

DESCRIPTION

Multiple vulnerabilities in the Admin audit log export feature and Scheduled Reports feature of Cisco Umbrella could allow an authenticated, remote attacker to perform formula and link injection attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Umbrella is a cloud security platform of Cisco (Cisco). The platform protects against cyber threats such as phishing, malware, and ransomware

Trust: 1.08

sources: NVD: CVE-2021-1475 // VULHUB: VHN-374529 // VULMON: CVE-2021-1475

AFFECTED PRODUCTS

vendor:

cisco

model:

umbrella

scope:

version:

Trust: 1.0

sources: NVD: CVE-2021-1475

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1475
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1475
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202104-428
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374529
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-1475
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1475
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374529
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1475
baseSeverity:	MEDIUM
baseScore:	4.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	1.4
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1475
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.3
impactScore:	3.7
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-374529 // VULMON: CVE-2021-1475 // CNNVD: CNNVD-202104-428 // NVD: CVE-2021-1475 // NVD: CVE-2021-1475

PROBLEMTYPE DATA

problemtype:

CWE-1236

Trust: 1.0

sources: NVD: CVE-2021-1475

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-428

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202104-428

PATCH

title:	Cisco Umbrella Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147011	Trust: 0.6
title:	Cisco: Cisco Umbrella Link and CSV Formula Injection Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-umbrella-inject-gbZGHP5T	Trust: 0.1

sources: VULMON: CVE-2021-1475 // CNNVD: CNNVD-202104-428

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1475	Trust: 1.8
db:	AUSCERT	id:	ESB-2021.1174	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-428	Trust: 0.6
db:	VULHUB	id:	VHN-374529	Trust: 0.1
db:	VULMON	id:	CVE-2021-1475	Trust: 0.1

sources: VULHUB: VHN-374529 // VULMON: CVE-2021-1475 // CNNVD: CNNVD-202104-428 // NVD: CVE-2021-1475

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-umbrella-inject-gbzghp5t	Trust: 1.9
url:	https://www.auscert.org.au/bulletins/esb-2021.1174	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1475	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/1236.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374529 // VULMON: CVE-2021-1475 // CNNVD: CNNVD-202104-428 // NVD: CVE-2021-1475

SOURCES

db:	VULHUB	id:	VHN-374529
db:	VULMON	id:	CVE-2021-1475
db:	CNNVD	id:	CNNVD-202104-428
db:	NVD	id:	CVE-2021-1475

LAST UPDATE DATE

2024-08-14T13:23:39.375000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374529	date:	2021-04-20T00:00:00
db:	VULMON	id:	CVE-2021-1475	date:	2021-04-20T00:00:00
db:	CNNVD	id:	CNNVD-202104-428	date:	2021-04-22T00:00:00
db:	NVD	id:	CVE-2021-1475	date:	2023-11-07T03:28:23.750

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374529	date:	2021-04-08T00:00:00
db:	VULMON	id:	CVE-2021-1475	date:	2021-04-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-428	date:	2021-04-07T00:00:00
db:	NVD	id:	CVE-2021-1475	date:	2021-04-08T04:15:13.967