Details of VAR-202105-0632

ID

VAR-202105-0632

CVE

CVE-2021-1519

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to modify VPN profile files. To exploit this vulnerability, the attacker must have valid credentials on the affected system. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.62

sources: NVD: CVE-2021-1519 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374573 // VULMON: CVE-2021-1519

AFFECTED PRODUCTS

vendor:

cisco

model:

anyconnect secure mobility client

scope:

version:

4.10.00093

Trust: 1.0

sources: NVD: CVE-2021-1519

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1519
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1519
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-153
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374573
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-1519
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1519
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374573
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1519
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1519
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.0
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-374573 // VULMON: CVE-2021-1519 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-153 // NVD: CVE-2021-1519 // NVD: CVE-2021-1519

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.1

sources: VULHUB: VHN-374573 // NVD: CVE-2021-1519

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-153

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Cisco AnyConnect Secure Mobility Client Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149183	Trust: 0.6
title:	Cisco: Cisco AnyConnect Secure Mobility Client Profile Modification Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-anyconnect-profile-AggMUCDg	Trust: 0.1

sources: VULMON: CVE-2021-1519 // CNNVD: CNNVD-202105-153

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1519	Trust: 1.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021050617	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1530	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-153	Trust: 0.6
db:	VULHUB	id:	VHN-374573	Trust: 0.1
db:	VULMON	id:	CVE-2021-1519	Trust: 0.1

sources: VULHUB: VHN-374573 // VULMON: CVE-2021-1519 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-153 // NVD: CVE-2021-1519

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-anyconnect-profile-aggmucdg	Trust: 2.5
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1530	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-anyconnect-secure-mobility-client-corruption-of-vpn-settings-35268	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021050617	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374573 // VULMON: CVE-2021-1519 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-153 // NVD: CVE-2021-1519

SOURCES

db:	VULHUB	id:	VHN-374573
db:	VULMON	id:	CVE-2021-1519
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-153
db:	NVD	id:	CVE-2021-1519

LAST UPDATE DATE

2024-08-14T12:11:22.432000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374573	date:	2021-05-07T00:00:00
db:	VULMON	id:	CVE-2021-1519	date:	2021-05-07T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-153	date:	2021-05-08T00:00:00
db:	NVD	id:	CVE-2021-1519	date:	2023-11-07T03:28:30.240

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374573	date:	2021-05-06T00:00:00
db:	VULMON	id:	CVE-2021-1519	date:	2021-05-06T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-153	date:	2021-05-05T00:00:00
db:	NVD	id:	CVE-2021-1519	date:	2021-05-06T13:15:10.987