ID

VAR-202104-0898


CVE

CVE-2021-1477


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow the attacker to overwrite policies and impact the configuration and operation of the affected device. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco.

Trust: 1.62

sources: NVD: CVE-2021-1477 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374531 // VULMON: CVE-2021-1477

AFFECTED PRODUCTS

vendor: cisco // model: firepower management center // scope: gte // version: 6.5.0

Trust: 1.0

vendor: cisco // model: firepower management center // scope: lt // version: 6.6.3

Trust: 1.0

vendor: cisco // model: firepower management center // scope: gte // version: 6.7.0

Trust: 1.0

vendor: cisco // model: firepower management center // scope: lt // version: 6.4.0.12

Trust: 1.0

vendor: cisco // model: firepower management center // scope: lt // version: 6.7.0.2

Trust: 1.0

sources: NVD: CVE-2021-1477

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1477
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1477
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-2091
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374531
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1477
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1477
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374531
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1477
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-374531 // VULMON: CVE-2021-1477 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2091 // NVD: CVE-2021-1477 // NVD: CVE-2021-1477

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

sources: NVD: CVE-2021-1477

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2091

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2091

PATCH

title: Cisco Firepower Management Center Fixes for access control error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148795

Trust: 0.6

title: Cisco: Cisco Firepower Management Center Software Policy Vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-fmc-iac-pZDMQ4wC

Trust: 0.1

sources: VULMON: CVE-2021-1477 // CNNVD: CNNVD-202104-2091

EXTERNAL IDS

db: NVD // id: CVE-2021-1477

Trust: 1.8

db: CNNVD // id: CNNVD-202104-2091

Trust: 0.7

db: CS-HELP // id: SB2021041363

Trust: 0.6

db: CNNVD // id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP // id: SB2021042902

Trust: 0.6

db: AUSCERT // id: ESB-2021.1471

Trust: 0.6

db: VULHUB // id: VHN-374531

Trust: 0.1

db: VULMON // id: CVE-2021-1477

Trust: 0.1

sources: VULHUB: VHN-374531 // VULMON: CVE-2021-1477 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2091 // NVD: CVE-2021-1477

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fmc-iac-pzdmq4wc

Trust: 2.5

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1471

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1477

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042902

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374531 // VULMON: CVE-2021-1477 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2091 // NVD: CVE-2021-1477

SOURCES

db: VULHUB // id: VHN-374531
db: VULMON // id: CVE-2021-1477
db: CNNVD // id: CNNVD-202104-975
db: CNNVD // id: CNNVD-202104-2091
db: NVD // id: CVE-2021-1477

LAST UPDATE DATE

2024-08-14T12:05:31.198000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-374531 // date: 2022-08-05T00:00:00
db: VULMON // id: CVE-2021-1477 // date: 2021-05-09T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-14T00:00:00
db: CNNVD // id: CNNVD-202104-2091 // date: 2022-08-10T00:00:00
db: NVD // id: CVE-2021-1477 // date: 2023-11-07T03:28:24.073

SOURCES RELEASE DATE

db: VULHUB // id: VHN-374531 // date: 2021-04-29T00:00:00
db: VULMON // id: CVE-2021-1477 // date: 2021-04-29T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-13T00:00:00
db: CNNVD // id: CNNVD-202104-2091 // date: 2021-04-28T00:00:00
db: NVD // id: CVE-2021-1477 // date: 2021-04-29T18:15:09.233