Details of VAR-202105-0611

ID

VAR-202105-0611

CVE

CVE-2021-1486

TITLE

Cisco SD-WAN vManage Observable mismatch vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2021-006599

DESCRIPTION

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the HTTP responses that are returned by the affected system to determine which accounts are valid user accounts. Cisco SD-WAN vManage The software contains observable mismatch vulnerabilities.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The software is a form of network virtualization

Trust: 2.34

sources: NVD: CVE-2021-1486 // JVNDB: JVNDB-2021-006599 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374540 // VULMON: CVE-2021-1486

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.3.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.4	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-006599 // NVD: CVE-2021-1486

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1486
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1486
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1486
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-147
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374540
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1486
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1486
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374540
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1486
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1486
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374540 // VULMON: CVE-2021-1486 // JVNDB: JVNDB-2021-006599 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-147 // NVD: CVE-2021-1486 // NVD: CVE-2021-1486

PROBLEMTYPE DATA

problemtype:	CWE-203	Trust: 1.1
problemtype:	Observable discrepancy (CWE-203) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374540 // JVNDB: JVNDB-2021-006599 // NVD: CVE-2021-1486

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-147

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-147

PATCH

title:	cisco-sa-vmanage-enumeration-64eNnDKy	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-enumeration-64eNnDKy	Trust: 0.8
title:	Cisco SD-WAN vManage Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150785	Trust: 0.6
title:	Cisco: Cisco SD-WAN vManage HTTP Authentication User Enumeration Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vmanage-enumeration-64eNnDKy	Trust: 0.1

sources: VULMON: CVE-2021-1486 // JVNDB: JVNDB-2021-006599 // CNNVD: CNNVD-202105-147

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1486	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-006599	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021050616	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1534	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-147	Trust: 0.6
db:	VULHUB	id:	VHN-374540	Trust: 0.1
db:	VULMON	id:	CVE-2021-1486	Trust: 0.1

sources: VULHUB: VHN-374540 // VULMON: CVE-2021-1486 // JVNDB: JVNDB-2021-006599 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-147 // NVD: CVE-2021-1486

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanage-enumeration-64enndky	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1486	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1534	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021050616	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/203.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374540 // VULMON: CVE-2021-1486 // JVNDB: JVNDB-2021-006599 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-147 // NVD: CVE-2021-1486

SOURCES

db:	VULHUB	id:	VHN-374540
db:	VULMON	id:	CVE-2021-1486
db:	JVNDB	id:	JVNDB-2021-006599
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-147
db:	NVD	id:	CVE-2021-1486

LAST UPDATE DATE

2024-08-14T13:00:30.964000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374540	date:	2021-05-14T00:00:00
db:	VULMON	id:	CVE-2021-1486	date:	2021-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-006599	date:	2022-01-14T03:02:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-147	date:	2021-05-18T00:00:00
db:	NVD	id:	CVE-2021-1486	date:	2023-11-07T03:28:24.957

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374540	date:	2021-05-06T00:00:00
db:	VULMON	id:	CVE-2021-1486	date:	2021-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-006599	date:	2022-01-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-147	date:	2021-05-05T00:00:00
db:	NVD	id:	CVE-2021-1486	date:	2021-05-06T13:15:10.397