Details of VAR-202105-0636

ID

VAR-202105-0636

CVE

CVE-2021-1508

TITLE

Cisco SD-WAN vManage Software vulnerabilities related to lack of authentication

Trust: 0.8

sources: JVNDB: JVNDB-2021-006603

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Cisco SD-WAN vManage The software contains a vulnerability related to lack of authentication.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco

Trust: 2.34

sources: NVD: CVE-2021-1508 // JVNDB: JVNDB-2021-006603 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374562 // VULMON: CVE-2021-1508

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.3.3	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	19.2.99	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.5	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-006603 // NVD: CVE-2021-1508

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1508
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1508
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-1508
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-224
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374562
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1508
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1508
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374562
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1508
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1508
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1508
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374562 // VULMON: CVE-2021-1508 // JVNDB: JVNDB-2021-006603 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-224 // NVD: CVE-2021-1508 // NVD: CVE-2021-1508

PROBLEMTYPE DATA

problemtype:	CWE-862	Trust: 1.1
problemtype:	CWE-20	Trust: 1.0
problemtype:	Lack of authentication (CWE-862) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374562 // JVNDB: JVNDB-2021-006603 // NVD: CVE-2021-1508

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-224

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-sd-wan-vmanage-4TbynnhZ	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ	Trust: 0.8
title:	Cisco SD-WAN vManage Software Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150799	Trust: 0.6
title:	Cisco: Cisco SD-WAN vManage Software Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sd-wan-vmanage-4TbynnhZ	Trust: 0.1

sources: VULMON: CVE-2021-1508 // JVNDB: JVNDB-2021-006603 // CNNVD: CNNVD-202105-224

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1508	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-006603	Trust: 0.8
db:	CNNVD	id:	CNNVD-202105-224	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1529	Trust: 0.6
db:	CS-HELP	id:	SB2021050616	Trust: 0.6
db:	VULHUB	id:	VHN-374562	Trust: 0.1
db:	VULMON	id:	CVE-2021-1508	Trust: 0.1

sources: VULHUB: VHN-374562 // VULMON: CVE-2021-1508 // JVNDB: JVNDB-2021-006603 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-224 // NVD: CVE-2021-1508

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-vmanage-4tbynnhz	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1508	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021050616	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1529	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/862.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374562 // VULMON: CVE-2021-1508 // JVNDB: JVNDB-2021-006603 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-224 // NVD: CVE-2021-1508

SOURCES

db:	VULHUB	id:	VHN-374562
db:	VULMON	id:	CVE-2021-1508
db:	JVNDB	id:	JVNDB-2021-006603
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-224
db:	NVD	id:	CVE-2021-1508

LAST UPDATE DATE

2024-08-14T13:00:23.491000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374562	date:	2021-05-14T00:00:00
db:	VULMON	id:	CVE-2021-1508	date:	2021-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-006603	date:	2022-01-14T03:03:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-224	date:	2021-05-18T00:00:00
db:	NVD	id:	CVE-2021-1508	date:	2023-11-07T03:28:28.553

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374562	date:	2021-05-06T00:00:00
db:	VULMON	id:	CVE-2021-1508	date:	2021-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-006603	date:	2022-01-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-224	date:	2021-05-06T00:00:00
db:	NVD	id:	CVE-2021-1508	date:	2021-05-06T13:15:10.693