Details of VAR-202105-0631

ID

VAR-202105-0631

CVE

CVE-2021-1516

TITLE

plural Cisco Security For appliances AsyncOS Software vulnerability in source code containing sensitive information

Trust: 0.8

sources: JVNDB: JVNDB-2021-006640

DESCRIPTION

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface. plural Cisco Security For appliances AsyncOS The software contains vulnerabilities in source code that contain sensitive information.Information may be obtained. The device is mainly used to manage all policies, reports, audit information, etc. of email and Web security devices. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.88

sources: NVD: CVE-2021-1516 // JVNDB: JVNDB-2021-006640 // CNVD: CNVD-2021-35616 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374570 // VULMON: CVE-2021-1516

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-35616

AFFECTED PRODUCTS

vendor:	cisco	model:	ironport web security appliance	scope:	eq	version:	14.0.0-300	Trust: 1.0
vendor:	cisco	model:	ironport web security appliance	scope:	eq	version:	14.0.0-090	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ironport web security appliance	scope:	eq	version:	13.6.2-023	Trust: 1.0
vendor:	cisco	model:	ironport web security appliance	scope:	eq	version:	14.0.0-292	Trust: 1.0
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	email security appliance	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ironport web security appliance	scope:	eq	version:	14.0.0-133	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco web セキュリティアプライアンス	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ironport web セキュリティアプライアンス	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco e メールセキュリティアプライアンス	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco コンテンツセキュリティ管理アプライアンス	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	content security management appliance	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-35616 // JVNDB: JVNDB-2021-006640 // NVD: CVE-2021-1516

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1516
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1516
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1516
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-35616
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-151
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374570
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1516
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1516
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-35616
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-374570
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1516
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1516
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1516
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-35616 // VULHUB: VHN-374570 // VULMON: CVE-2021-1516 // JVNDB: JVNDB-2021-006640 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-151 // NVD: CVE-2021-1516 // NVD: CVE-2021-1516

PROBLEMTYPE DATA

problemtype:	CWE-540	Trust: 1.1
problemtype:	Source code containing sensitive information (CWE-540) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374570 // JVNDB: JVNDB-2021-006640 // NVD: CVE-2021-1516

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-151

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-151

PATCH

title:	cisco-sa-esa-wsa-sma-info-gY2AEz2H	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-info-gY2AEz2H	Trust: 0.8
title:	Patch for Cisco Content Security Management Appliance information disclosure vulnerability (CNVD-2021-35616)	url:	https://www.cnvd.org.cn/patchInfo/show/265656	Trust: 0.6
title:	Cisco Content Security Management Appliance Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150789	Trust: 0.6
title:	Cisco: Cisco Content Security Management Appliance, Email Security Appliance, and Web Security Appliance Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-esa-wsa-sma-info-gY2AEz2H	Trust: 0.1

sources: CNVD: CNVD-2021-35616 // VULMON: CVE-2021-1516 // JVNDB: JVNDB-2021-006640 // CNNVD: CNNVD-202105-151

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1516	Trust: 4.0
db:	AUSCERT	id:	ESB-2021.1533	Trust: 1.2
db:	JVNDB	id:	JVNDB-2021-006640	Trust: 0.8
db:	CNVD	id:	CNVD-2021-35616	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021050710	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-151	Trust: 0.6
db:	VULHUB	id:	VHN-374570	Trust: 0.1
db:	VULMON	id:	CVE-2021-1516	Trust: 0.1

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-wsa-sma-info-gy2aez2h	Trust: 2.5
url:	https://www.auscert.org.au/bulletins/esb-2021.1533	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1516	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021050710	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-content-security-management-appliance-email-security-appliance-web-security-appliance-information-disclosure-via-asyncos-35267	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/540.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

SOURCES

db:	CNVD	id:	CNVD-2021-35616
db:	VULHUB	id:	VHN-374570
db:	VULMON	id:	CVE-2021-1516
db:	JVNDB	id:	JVNDB-2021-006640
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-151
db:	NVD	id:	CVE-2021-1516

LAST UPDATE DATE

2024-08-14T12:50:38.408000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-35616	date:	2021-05-19T00:00:00
db:	VULHUB	id:	VHN-374570	date:	2021-05-14T00:00:00
db:	VULMON	id:	CVE-2021-1516	date:	2021-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-006640	date:	2022-01-14T07:54:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-151	date:	2021-05-18T00:00:00
db:	NVD	id:	CVE-2021-1516	date:	2023-11-07T03:28:29.697

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-35616	date:	2021-05-19T00:00:00
db:	VULHUB	id:	VHN-374570	date:	2021-05-06T00:00:00
db:	VULMON	id:	CVE-2021-1516	date:	2021-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-006640	date:	2022-01-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-151	date:	2021-05-05T00:00:00
db:	NVD	id:	CVE-2021-1516	date:	2021-05-06T13:15:10.953