Details of VAR-202106-0630

ID

VAR-202106-0630

CVE

CVE-2021-1395

TITLE

Cisco Unified Intelligence Center Cross-site Scripting Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-008123

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The platform provides report related business data and display function of call center data

Trust: 2.25

sources: NVD: CVE-2021-1395 // JVNDB: JVNDB-2021-008123 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374449

AFFECTED PRODUCTS

vendor:	cisco	model:	unified contact center express	scope:	lte	version:	12.5\(1\)	Trust: 1.0
vendor:	cisco	model:	unified contact center enterprise	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	unified intelligence center	scope:	eq	version:	12.5\(1\)	Trust: 1.0
vendor:	cisco	model:	unified intelligence center	scope:	lte	version:	12.0\(1\)	Trust: 1.0
vendor:	cisco	model:	packaged contact center enterprise	scope:	eq	version:	-	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco unified intelligence center	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco unified contact center express	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco unified contact center enterprise	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco packaged contact center enterprise	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-008123 // NVD: CVE-2021-1395

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1395
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1395
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1395
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-1300
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374449
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1395
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374449
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1395
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1395
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1395
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374449 // JVNDB: JVNDB-2021-008123 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1300 // NVD: CVE-2021-1395 // NVD: CVE-2021-1395

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374449 // JVNDB: JVNDB-2021-008123 // NVD: CVE-2021-1395

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1300

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-cuic-xss-csHUdtrL	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL	Trust: 0.8
title:	Cisco Unified Intelligence Center Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155079	Trust: 0.6

sources: JVNDB: JVNDB-2021-008123 // CNNVD: CNNVD-202106-1300

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1395	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-008123	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2150.2	Trust: 0.6
db:	CS-HELP	id:	SB2021061617	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-1300	Trust: 0.6
db:	VULHUB	id:	VHN-374449	Trust: 0.1

sources: VULHUB: VHN-374449 // JVNDB: JVNDB-2021-008123 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1300 // NVD: CVE-2021-1395

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cuic-xss-cshudtrl	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1395	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2150.2	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021061617	Trust: 0.6

sources: VULHUB: VHN-374449 // JVNDB: JVNDB-2021-008123 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1300 // NVD: CVE-2021-1395

SOURCES

db:	VULHUB	id:	VHN-374449
db:	JVNDB	id:	JVNDB-2021-008123
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-1300
db:	NVD	id:	CVE-2021-1395

LAST UPDATE DATE

2024-08-14T12:30:20.092000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374449	date:	2021-06-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-008123	date:	2022-03-04T07:05:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-1300	date:	2021-07-26T00:00:00
db:	NVD	id:	CVE-2021-1395	date:	2023-11-07T03:28:12.133

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374449	date:	2021-06-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-008123	date:	2022-03-04T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-1300	date:	2021-06-16T00:00:00
db:	NVD	id:	CVE-2021-1395	date:	2021-06-16T18:15:07.927