Details of VAR-202105-0626

ID

VAR-202105-0626

CVE

CVE-2021-1535

TITLE

Cisco SD-WAN vManage Vulnerability in software leakage of important information to unauthorized control area

Trust: 0.8

sources: JVNDB: JVNDB-2021-006562

DESCRIPTION

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to allow the attacker to view sensitive information on the affected system. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The software is a form of network virtualization

Trust: 2.34

sources: NVD: CVE-2021-1535 // JVNDB: JVNDB-2021-006562 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374589 // VULMON: CVE-2021-1535

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-006562 // NVD: CVE-2021-1535

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1535
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1535
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1535
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-150
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374589
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1535
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1535
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374589
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1535
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1535
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374589 // VULMON: CVE-2021-1535 // JVNDB: JVNDB-2021-006562 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-150 // NVD: CVE-2021-1535 // NVD: CVE-2021-1535

PROBLEMTYPE DATA

problemtype:	CWE-497	Trust: 1.1
problemtype:	Leakage of important information to unauthorized control areas (CWE-497) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374589 // JVNDB: JVNDB-2021-006562 // NVD: CVE-2021-1535

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-150

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-150

PATCH

title:	cisco-sa-sdwan-vmanageinfdis-LKrFpbv	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanageinfdis-LKrFpbv	Trust: 0.8
title:	Cisco SD-WAN vManage Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150788	Trust: 0.6
title:	Cisco: Cisco SD-WAN vManage Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-vmanageinfdis-LKrFpbv	Trust: 0.1

sources: VULMON: CVE-2021-1535 // JVNDB: JVNDB-2021-006562 // CNNVD: CNNVD-202105-150

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1535	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-006562	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021050616	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1534	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-150	Trust: 0.6
db:	VULHUB	id:	VHN-374589	Trust: 0.1
db:	VULMON	id:	CVE-2021-1535	Trust: 0.1

sources: VULHUB: VHN-374589 // VULMON: CVE-2021-1535 // JVNDB: JVNDB-2021-006562 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-150 // NVD: CVE-2021-1535

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-vmanageinfdis-lkrfpbv	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1535	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1534	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021050616	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/497.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374589 // VULMON: CVE-2021-1535 // JVNDB: JVNDB-2021-006562 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-150 // NVD: CVE-2021-1535

SOURCES

db:	VULHUB	id:	VHN-374589
db:	VULMON	id:	CVE-2021-1535
db:	JVNDB	id:	JVNDB-2021-006562
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-150
db:	NVD	id:	CVE-2021-1535

LAST UPDATE DATE

2024-08-14T13:18:44.869000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374589	date:	2021-05-14T00:00:00
db:	VULMON	id:	CVE-2021-1535	date:	2021-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-006562	date:	2022-01-13T03:29:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-150	date:	2021-05-18T00:00:00
db:	NVD	id:	CVE-2021-1535	date:	2023-11-07T03:28:33.630

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374589	date:	2021-05-06T00:00:00
db:	VULMON	id:	CVE-2021-1535	date:	2021-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-006562	date:	2022-01-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-150	date:	2021-05-05T00:00:00
db:	NVD	id:	CVE-2021-1535	date:	2021-05-06T13:15:11.167