ID

VAR-202106-0630


CVE

CVE-2021-1395


TITLE

Cisco Unified Intelligence Center  Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-008123

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The platform provides report related business data and display function of call center data

Trust: 2.25

sources: NVD: CVE-2021-1395 // JVNDB: JVNDB-2021-008123 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374449

AFFECTED PRODUCTS

vendor:ciscomodel:unified contact center expressscope:lteversion:12.5\(1\)

Trust: 1.0

vendor:ciscomodel:unified contact center enterprisescope:eqversion: -

Trust: 1.0

vendor:ciscomodel:unified intelligence centerscope:eqversion:12.5\(1\)

Trust: 1.0

vendor:ciscomodel:unified intelligence centerscope:lteversion:12.0\(1\)

Trust: 1.0

vendor:ciscomodel:packaged contact center enterprisescope:eqversion: -

Trust: 1.0

vendor:シスコシステムズmodel:cisco unified intelligence centerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco unified contact center expressscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco unified contact center enterprisescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco packaged contact center enterprisescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-008123 // NVD: CVE-2021-1395

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1395
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1395
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1395
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-1300
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374449
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1395
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374449
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1395
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1395
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-1395
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374449 // JVNDB: JVNDB-2021-008123 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1300 // NVD: CVE-2021-1395 // NVD: CVE-2021-1395

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype:Cross-site scripting (CWE-79) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374449 // JVNDB: JVNDB-2021-008123 // NVD: CVE-2021-1395

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1300

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:cisco-sa-cuic-xss-csHUdtrLurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL

Trust: 0.8

title:Cisco Unified Intelligence Center Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155079

Trust: 0.6

sources: JVNDB: JVNDB-2021-008123 // CNNVD: CNNVD-202106-1300

EXTERNAL IDS

db:NVDid:CVE-2021-1395

Trust: 3.3

db:JVNDBid:JVNDB-2021-008123

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.2150.2

Trust: 0.6

db:CS-HELPid:SB2021061617

Trust: 0.6

db:CNNVDid:CNNVD-202106-1300

Trust: 0.6

db:VULHUBid:VHN-374449

Trust: 0.1

sources: VULHUB: VHN-374449 // JVNDB: JVNDB-2021-008123 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1300 // NVD: CVE-2021-1395

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cuic-xss-cshudtrl

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1395

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2150.2

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021061617

Trust: 0.6

sources: VULHUB: VHN-374449 // JVNDB: JVNDB-2021-008123 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1300 // NVD: CVE-2021-1395

SOURCES

db:VULHUBid:VHN-374449
db:JVNDBid:JVNDB-2021-008123
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202106-1300
db:NVDid:CVE-2021-1395

LAST UPDATE DATE

2024-08-14T12:30:20.092000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374449date:2021-06-22T00:00:00
db:JVNDBid:JVNDB-2021-008123date:2022-03-04T07:05:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202106-1300date:2021-07-26T00:00:00
db:NVDid:CVE-2021-1395date:2023-11-07T03:28:12.133

SOURCES RELEASE DATE

db:VULHUBid:VHN-374449date:2021-06-16T00:00:00
db:JVNDBid:JVNDB-2021-008123date:2022-03-04T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202106-1300date:2021-06-16T00:00:00
db:NVDid:CVE-2021-1395date:2021-06-16T18:15:07.927