ID

VAR-202105-0613


CVE

CVE-2021-1490


TITLE

Cisco Web Security Appliance Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-006610

DESCRIPTION

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to retrieve a crafted file that contains a malicious payload and upload it to the affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Cisco Secure Web Appliance is an application from Cisco used to protect the website. An attacker could exploit this vulnerability to execute arbitrary commands.

Trust: 2.34

sources: NVD: CVE-2021-1490 // JVNDB: JVNDB-2021-006610 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374544 // VULMON: CVE-2021-1490

AFFECTED PRODUCTS

vendor: cisco
model: web security appliance
scope: lt
version: 14.0

Trust: 1.0

vendor: Cisco Systems
model: Cisco Web Security Appliance
scope: eq
version: -

Trust: 0.8

vendor: Cisco Systems
model: Cisco Web Security Appliance
scope: eq
version: cisco web security appliance

Trust: 0.8

vendor: Cisco Systems
model: Cisco Web Security Appliance
scope: -
version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006610 // NVD: CVE-2021-1490

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-1490
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1490
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1490
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-199
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374544
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1490
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-1490
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374544
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-1490
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1490
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2021-1490
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374544 // VULMON: CVE-2021-1490 // JVNDB: JVNDB-2021-006610 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-199 // NVD: CVE-2021-1490 // NVD: CVE-2021-1490

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype:Cross-site scripting (CWE-79) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374544 // JVNDB: JVNDB-2021-006610 // NVD: CVE-2021-1490

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-199

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: cisco-sa-wsa-xss-mVjOWchB
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-xss-mVjOWchB

Trust: 0.8

title: Cisco Web Security Appliance Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149229

Trust: 0.6

title: Cisco: Cisco Web Security Appliance Cross-Site Scripting Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-wsa-xss-mVjOWchB

Trust: 0.1

sources: VULMON: CVE-2021-1490 // JVNDB: JVNDB-2021-006610 // CNNVD: CNNVD-202105-199

EXTERNAL IDS

db: NVD
id: CVE-2021-1490

Trust: 3.4

db: JVNDB
id: JVNDB-2021-006610

Trust: 0.8

db: CNNVD
id: CNNVD-202105-199

Trust: 0.7

db: CS-HELP
id: SB2021041363

Trust: 0.6

db: CNNVD
id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP
id: SB2021050613

Trust: 0.6

db: AUSCERT
id: ESB-2021.1545

Trust: 0.6

db: VULHUB
id: VHN-374544

Trust: 0.1

db: VULMON
id: CVE-2021-1490

Trust: 0.1

sources: VULHUB: VHN-374544 // VULMON: CVE-2021-1490 // JVNDB: JVNDB-2021-006610 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-199 // NVD: CVE-2021-1490

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-wsa-xss-mvjowchb

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1490

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-web-security-appliance-cross-site-scripting-35262

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050613

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1545

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374544 // VULMON: CVE-2021-1490 // JVNDB: JVNDB-2021-006610 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-199 // NVD: CVE-2021-1490

SOURCES

db: VULHUB, id: VHN-374544
db: VULMON, id: CVE-2021-1490
db: JVNDB, id: JVNDB-2021-006610
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202105-199
db: NVD, id: CVE-2021-1490

LAST UPDATE DATE

2024-08-14T13:10:38.734000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374544, date: 2021-05-14T00:00:00
db: VULMON, id: CVE-2021-1490, date: 2021-05-14T00:00:00
db: JVNDB, id: JVNDB-2021-006610, date: 2022-01-14T03:03:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202105-199, date: 2021-05-18T00:00:00
db: NVD, id: CVE-2021-1490, date: 2023-11-07T03:28:25.480

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374544, date: 2021-05-06T00:00:00
db: VULMON, id: CVE-2021-1490, date: 2021-05-06T00:00:00
db: JVNDB, id: JVNDB-2021-006610, date: 2022-01-14T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202105-199, date: 2021-05-05T00:00:00
db: NVD, id: CVE-2021-1490, date: 2021-05-06T13:15:10.430