ID

VAR-202105-0623


CVE

CVE-2021-1530


TITLE

XML external entity vulnerability in Cisco BroadWorks Messaging Server software

Trust: 0.8

sources: JVNDB: JVNDB-2021-006590

DESCRIPTION

A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a partial DoS condition on an affected system. There are workarounds that address this vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Cisco BroadWorks Messaging Server is a database server from Cisco.

Trust: 2.34

sources: NVD: CVE-2021-1530 // JVNDB: JVNDB-2021-006590 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374584 // VULMON: CVE-2021-1530

AFFECTED PRODUCTS

vendor: cisco
model: broadworks messaging server
scope: eq
version: 22.0

Trust: 1.0

vendor: Cisco Systems
model: cisco broadworks messaging server
scope: -
version: -

Trust: 0.8

vendor: Cisco Systems
model: cisco broadworks messaging server
scope: eq
version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006590 // NVD: CVE-2021-1530

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1530
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1530
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1530
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-152
value: HIGH

Trust: 0.6

VULHUB: VHN-374584
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1530
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1530
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374584
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1530
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1530
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-1530
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374584 // VULMON: CVE-2021-1530 // JVNDB: JVNDB-2021-006590 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-152 // NVD: CVE-2021-1530 // NVD: CVE-2021-1530

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.1

problemtype:Improper restriction of XML external entity reference (CWE-611) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-374584 // JVNDB: JVNDB-2021-006590 // NVD: CVE-2021-1530

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-152

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: cisco-sa-bwms-xxe-uSLrZgKs
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bwms-xxe-uSLrZgKs

Trust: 0.8

title: Cisco BroadWorks Messaging Server fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150790

Trust: 0.6

title: Cisco: Cisco BroadWorks Messaging Server XML External Entity Injection Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-bwms-xxe-uSLrZgKs

Trust: 0.1

sources: VULMON: CVE-2021-1530 // JVNDB: JVNDB-2021-006590 // CNNVD: CNNVD-202105-152

EXTERNAL IDS

db: NVD, id: CVE-2021-1530

Trust: 3.4

db: JVNDB, id: JVNDB-2021-006590

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.1532

Trust: 0.6

db: CS-HELP, id: SB2021050709

Trust: 0.6

db: CNNVD, id: CNNVD-202105-152

Trust: 0.6

db: VULHUB, id: VHN-374584

Trust: 0.1

db: VULMON, id: CVE-2021-1530

Trust: 0.1

sources: VULHUB: VHN-374584 // VULMON: CVE-2021-1530 // JVNDB: JVNDB-2021-006590 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-152 // NVD: CVE-2021-1530

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-bwms-xxe-uslrzgks

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1530

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050709

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1532

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/611.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374584 // VULMON: CVE-2021-1530 // JVNDB: JVNDB-2021-006590 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-152 // NVD: CVE-2021-1530

SOURCES

db: VULHUB, id: VHN-374584
db: VULMON, id: CVE-2021-1530
db: JVNDB, id: JVNDB-2021-006590
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202105-152
db: NVD, id: CVE-2021-1530

LAST UPDATE DATE

2024-08-14T13:15:59.963000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374584, date: 2021-05-14T00:00:00
db: VULMON, id: CVE-2021-1530, date: 2021-05-14T00:00:00
db: JVNDB, id: JVNDB-2021-006590, date: 2022-01-13T09:03:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202105-152, date: 2021-05-18T00:00:00
db: NVD, id: CVE-2021-1530, date: 2023-11-07T03:28:32.897

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374584, date: 2021-05-06T00:00:00
db: VULMON, id: CVE-2021-1530, date: 2021-05-06T00:00:00
db: JVNDB, id: JVNDB-2021-006590, date: 2022-01-13T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202105-152, date: 2021-05-05T00:00:00
db: NVD, id: CVE-2021-1530, date: 2021-05-06T13:15:11.097