Details of VAR-202105-0442

ID

VAR-202105-0442

CVE

CVE-2021-1358

TITLE

Cisco Finesse Open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-007181

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites. Cisco Finesse Contains an open redirect vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco Finesse is a set of call center management software developed by Cisco

Trust: 2.34

sources: NVD: CVE-2021-1358 // JVNDB: JVNDB-2021-007181 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374412 // VULMON: CVE-2021-1358

AFFECTED PRODUCTS

vendor:	cisco	model:	finesse	scope:	lte	version:	12.6\(1\)	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco finesse	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco finesse	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007181 // NVD: CVE-2021-1358

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1358
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1358
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1358
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1269
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374412
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1358
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374412
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1358
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1358
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1358
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374412 // JVNDB: JVNDB-2021-007181 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1269 // NVD: CVE-2021-1358 // NVD: CVE-2021-1358

PROBLEMTYPE DATA

problemtype:	CWE-601	Trust: 1.1
problemtype:	Open redirect (CWE-601) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374412 // JVNDB: JVNDB-2021-007181 // NVD: CVE-2021-1358

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1269

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-finesse-opn-rdrct-epDeh7R	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-opn-rdrct-epDeh7R	Trust: 0.8
title:	Cisco Finesse Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151159	Trust: 0.6
title:	Cisco: Cisco Finesse Open Redirect Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-finesse-opn-rdrct-epDeh7R	Trust: 0.1

sources: VULMON: CVE-2021-1358 // JVNDB: JVNDB-2021-007181 // CNNVD: CNNVD-202105-1269

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1358	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-007181	Trust: 0.8
db:	CNNVD	id:	CNNVD-202105-1269	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021052011	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1746	Trust: 0.6
db:	VULHUB	id:	VHN-374412	Trust: 0.1
db:	VULMON	id:	CVE-2021-1358	Trust: 0.1

sources: VULHUB: VHN-374412 // VULMON: CVE-2021-1358 // JVNDB: JVNDB-2021-007181 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1269 // NVD: CVE-2021-1358

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-finesse-opn-rdrct-epdeh7r	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1358	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-unified-ccx-open-redirect-via-finesse-35488	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052011	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1746	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374412 // VULMON: CVE-2021-1358 // JVNDB: JVNDB-2021-007181 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1269 // NVD: CVE-2021-1358

SOURCES

db:	VULHUB	id:	VHN-374412
db:	VULMON	id:	CVE-2021-1358
db:	JVNDB	id:	JVNDB-2021-007181
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-1269
db:	NVD	id:	CVE-2021-1358

LAST UPDATE DATE

2024-08-14T12:20:56.840000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374412	date:	2021-05-27T00:00:00
db:	VULMON	id:	CVE-2021-1358	date:	2021-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-007181	date:	2022-02-03T08:31:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-1269	date:	2021-05-28T00:00:00
db:	NVD	id:	CVE-2021-1358	date:	2023-11-07T03:28:05.180

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374412	date:	2021-05-22T00:00:00
db:	VULMON	id:	CVE-2021-1358	date:	2021-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-007181	date:	2022-02-03T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-1269	date:	2021-05-19T00:00:00
db:	NVD	id:	CVE-2021-1358	date:	2021-05-22T07:15:07.250