Details of VAR-202105-0624

ID

VAR-202105-0624

CVE

CVE-2021-1531

TITLE

Cisco Modeling Labs Argument insertion or modification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-007183

DESCRIPTION

A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the web application on the underlying operating system of an affected Cisco Modeling Labs server. This vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected server. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web application, virl2, on the underlying operating system of the affected server. To exploit this vulnerability, the attacker must have valid user credentials on the web UI. Cisco Modeling Labs Is vulnerable to the insertion or modification of arguments.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco Modeling Labs is an application software of Cisco (Cisco). A local network simulation tool that runs on workstations and servers

Trust: 2.34

sources: NVD: CVE-2021-1531 // JVNDB: JVNDB-2021-007183 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374585 // VULMON: CVE-2021-1531

AFFECTED PRODUCTS

vendor:	cisco	model:	modeling labs	scope:	eq	version:	2.1.1	Trust: 1.0
vendor:	cisco	model:	modeling labs	scope:	eq	version:	2.1.2	Trust: 1.0
vendor:	cisco	model:	modeling labs	scope:	eq	version:	2.1.0	Trust: 1.0
vendor:	cisco	model:	modeling labs	scope:	eq	version:	2.1.3	Trust: 1.0
vendor:	cisco	model:	modeling labs	scope:	eq	version:	2.0.1	Trust: 1.0
vendor:	cisco	model:	modeling labs	scope:	eq	version:	2.0.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco modeling labs	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco modeling labs	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007183 // NVD: CVE-2021-1531

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1531
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1531
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1531
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202105-1277
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374585
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1531
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374585
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1531
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1531
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374585 // JVNDB: JVNDB-2021-007183 // CNNVD: CNNVD-202105-1277 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1531 // NVD: CVE-2021-1531

PROBLEMTYPE DATA

problemtype:	CWE-88	Trust: 1.1
problemtype:	Insert or change arguments (CWE-88) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374585 // JVNDB: JVNDB-2021-007183 // NVD: CVE-2021-1531

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1277

TYPE

parameter injection

Trust: 0.6

sources: CNNVD: CNNVD-202105-1277

PATCH

title:	cisco-sa-cml-cmd-inject-N4VYeQXB	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cml-cmd-inject-N4VYeQXB	Trust: 0.8
title:	Cisco Modeling Labs Repair measures for parameter injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151167	Trust: 0.6
title:	Cisco: Cisco Modeling Labs Web UI Command Injection Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cml-cmd-inject-N4VYeQXB	Trust: 0.1

sources: VULMON: CVE-2021-1531 // JVNDB: JVNDB-2021-007183 // CNNVD: CNNVD-202105-1277

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1531	Trust: 3.4
db:	PACKETSTORM	id:	163265	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-007183	Trust: 0.8
db:	CNNVD	id:	CNNVD-202105-1277	Trust: 0.7
db:	CS-HELP	id:	SB2021052009	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1775	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-374585	Trust: 0.1
db:	VULMON	id:	CVE-2021-1531	Trust: 0.1

sources: VULHUB: VHN-374585 // VULMON: CVE-2021-1531 // JVNDB: JVNDB-2021-007183 // CNNVD: CNNVD-202105-1277 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1531

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cml-cmd-inject-n4vyeqxb	Trust: 2.5
url:	http://packetstormsecurity.com/files/163265/cisco-modeling-labs-2.1.1-b19-remote-command-execution.html	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1531	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021052009	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1775	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374585 // VULMON: CVE-2021-1531 // JVNDB: JVNDB-2021-007183 // CNNVD: CNNVD-202105-1277 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1531

SOURCES

db:	VULHUB	id:	VHN-374585
db:	VULMON	id:	CVE-2021-1531
db:	JVNDB	id:	JVNDB-2021-007183
db:	CNNVD	id:	CNNVD-202105-1277
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-1531

LAST UPDATE DATE

2024-08-14T12:50:14.293000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374585	date:	2022-05-13T00:00:00
db:	VULMON	id:	CVE-2021-1531	date:	2021-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-007183	date:	2022-02-03T08:31:00
db:	CNNVD	id:	CNNVD-202105-1277	date:	2022-05-16T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-1531	date:	2023-11-07T03:28:33.080

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374585	date:	2021-05-22T00:00:00
db:	VULMON	id:	CVE-2021-1531	date:	2021-05-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-007183	date:	2022-02-03T00:00:00
db:	CNNVD	id:	CNNVD-202105-1277	date:	2021-05-19T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-1531	date:	2021-05-22T07:15:07.350