ID

VAR-202105-0611


CVE

CVE-2021-1486


TITLE

Observable discrepancy vulnerability in Cisco SD-WAN vManage software

Trust: 0.8

sources: JVNDB: JVNDB-2021-006599

DESCRIPTION

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the HTTP responses that are returned by the affected system to determine which accounts are valid user accounts. Cisco SD-WAN vManage software contains an observable discrepancy vulnerability. Information may be obtained. The software is a form of network virtualization.

Trust: 2.34

sources: NVD: CVE-2021-1486 // JVNDB: JVNDB-2021-006599 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374540 // VULMON: CVE-2021-1486

AFFECTED PRODUCTS

vendor: cisco, model: catalyst sd-wan manager, scope: lt, version: 20.4.1

Trust: 1.0

vendor: cisco, model: sd-wan vmanage, scope: lt, version: 20.3.3

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: gte, version: 20.4

Trust: 1.0

vendor: シスコシステムズ, model: cisco sd-wan vmanage, scope: eq, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco sd-wan vmanage, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006599 // NVD: CVE-2021-1486

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1486
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1486
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1486
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-147
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374540
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1486
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1486
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374540
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1486
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2021-1486
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374540 // VULMON: CVE-2021-1486 // JVNDB: JVNDB-2021-006599 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-147 // NVD: CVE-2021-1486 // NVD: CVE-2021-1486

PROBLEMTYPE DATA

problemtype: CWE-203

Trust: 1.1

problemtype: Observable discrepancy (CWE-203) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374540 // JVNDB: JVNDB-2021-006599 // NVD: CVE-2021-1486

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-147

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-147

PATCH

title: cisco-sa-vmanage-enumeration-64eNnDKy, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-enumeration-64eNnDKy

Trust: 0.8

title: Cisco SD-WAN vManage Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150785

Trust: 0.6

title: Cisco: Cisco SD-WAN vManage HTTP Authentication User Enumeration Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vmanage-enumeration-64eNnDKy

Trust: 0.1

sources: VULMON: CVE-2021-1486 // JVNDB: JVNDB-2021-006599 // CNNVD: CNNVD-202105-147

EXTERNAL IDS

db: NVD, id: CVE-2021-1486

Trust: 3.4

db: JVNDB, id: JVNDB-2021-006599

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021050616

Trust: 0.6

db: AUSCERT, id: ESB-2021.1534

Trust: 0.6

db: CNNVD, id: CNNVD-202105-147

Trust: 0.6

db: VULHUB, id: VHN-374540

Trust: 0.1

db: VULMON, id: CVE-2021-1486

Trust: 0.1

sources: VULHUB: VHN-374540 // VULMON: CVE-2021-1486 // JVNDB: JVNDB-2021-006599 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-147 // NVD: CVE-2021-1486

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanage-enumeration-64enndky

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2021-1486

Trust: 0.8

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.1534

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021050616

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/203.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374540 // VULMON: CVE-2021-1486 // JVNDB: JVNDB-2021-006599 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-147 // NVD: CVE-2021-1486

SOURCES

db: VULHUB, id: VHN-374540
db: VULMON, id: CVE-2021-1486
db: JVNDB, id: JVNDB-2021-006599
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202105-147
db: NVD, id: CVE-2021-1486

LAST UPDATE DATE

2024-08-14T13:00:30.964000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374540, date: 2021-05-14T00:00:00
db: VULMON, id: CVE-2021-1486, date: 2021-05-14T00:00:00
db: JVNDB, id: JVNDB-2021-006599, date: 2022-01-14T03:02:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202105-147, date: 2021-05-18T00:00:00
db: NVD, id: CVE-2021-1486, date: 2023-11-07T03:28:24.957

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374540, date: 2021-05-06T00:00:00
db: VULMON, id: CVE-2021-1486, date: 2021-05-06T00:00:00
db: JVNDB, id: JVNDB-2021-006599, date: 2022-01-14T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202105-147, date: 2021-05-05T00:00:00
db: NVD, id: CVE-2021-1486, date: 2021-05-06T13:15:10.397