ID

VAR-202105-0626


CVE

CVE-2021-1535


TITLE

Vulnerability in Cisco SD-WAN vManage software: leakage of important information to an unauthorized control area

Trust: 0.8

sources: JVNDB: JVNDB-2021-006562

DESCRIPTION

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system. The software is a form of network virtualization.

Trust: 2.34

sources: NVD: CVE-2021-1535 // JVNDB: JVNDB-2021-006562 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374589 // VULMON: CVE-2021-1535

AFFECTED PRODUCTS

vendor: cisco
model: sd-wan vmanage
scope: lt
version: 20.5.1

Trust: 1.0

vendor: Cisco Systems
model: cisco sd-wan vmanage
scope: eq
version: -

Trust: 0.8

vendor: Cisco Systems
model: cisco sd-wan vmanage
scope: -
version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006562 // NVD: CVE-2021-1535

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-1535
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1535
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1535
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-150
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374589
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1535
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-1535
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374589
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-1535
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2021-1535
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374589 // VULMON: CVE-2021-1535 // JVNDB: JVNDB-2021-006562 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-150 // NVD: CVE-2021-1535 // NVD: CVE-2021-1535

PROBLEMTYPE DATA

problemtype:CWE-497

Trust: 1.1

problemtype:Leakage of important information to unauthorized control areas (CWE-497) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374589 // JVNDB: JVNDB-2021-006562 // NVD: CVE-2021-1535

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-150

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-150

PATCH

title: cisco-sa-sdwan-vmanageinfdis-LKrFpbv
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanageinfdis-LKrFpbv

Trust: 0.8

title: Cisco SD-WAN vManage Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150788

Trust: 0.6

title: Cisco: Cisco SD-WAN vManage Information Disclosure Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-vmanageinfdis-LKrFpbv

Trust: 0.1

sources: VULMON: CVE-2021-1535 // JVNDB: JVNDB-2021-006562 // CNNVD: CNNVD-202105-150

EXTERNAL IDS

db: NVD
id: CVE-2021-1535

Trust: 3.4

db: JVNDB
id: JVNDB-2021-006562

Trust: 0.8

db: CS-HELP
id: SB2021041363

Trust: 0.6

db: CNNVD
id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP
id: SB2021050616

Trust: 0.6

db: AUSCERT
id: ESB-2021.1534

Trust: 0.6

db: CNNVD
id: CNNVD-202105-150

Trust: 0.6

db: VULHUB
id: VHN-374589

Trust: 0.1

db: VULMON
id: CVE-2021-1535

Trust: 0.1

sources: VULHUB: VHN-374589 // VULMON: CVE-2021-1535 // JVNDB: JVNDB-2021-006562 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-150 // NVD: CVE-2021-1535

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-vmanageinfdis-lkrfpbv

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1535

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1534

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050616

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/497.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374589 // VULMON: CVE-2021-1535 // JVNDB: JVNDB-2021-006562 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-150 // NVD: CVE-2021-1535

SOURCES

db: VULHUB, id: VHN-374589
db: VULMON, id: CVE-2021-1535
db: JVNDB, id: JVNDB-2021-006562
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202105-150
db: NVD, id: CVE-2021-1535

LAST UPDATE DATE

2024-08-14T13:18:44.869000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374589, date: 2021-05-14T00:00:00
db: VULMON, id: CVE-2021-1535, date: 2021-05-14T00:00:00
db: JVNDB, id: JVNDB-2021-006562, date: 2022-01-13T03:29:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202105-150, date: 2021-05-18T00:00:00
db: NVD, id: CVE-2021-1535, date: 2023-11-07T03:28:33.630

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374589, date: 2021-05-06T00:00:00
db: VULMON, id: CVE-2021-1535, date: 2021-05-06T00:00:00
db: JVNDB, id: JVNDB-2021-006562, date: 2022-01-13T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202105-150, date: 2021-05-05T00:00:00
db: NVD, id: CVE-2021-1535, date: 2021-05-06T13:15:11.167