Sign-up

ID

VAR-202106-0637


CVE

CVE-2021-1570


TITLE

plural  Jabber  Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-001958

DESCRIPTION

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The program provides online status display, instant messaging, voice and other functions. An attacker could exploit this vulnerability by sending a crafted XMPP message to an affected system to cause an application to terminate, resulting in a DoS condition

Trust: 2.34

sources: NVD: CVE-2021-1570 // JVNDB: JVNDB-2021-001958 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374624 // VULMON: CVE-2021-1570

AFFECTED PRODUCTS

vendor:ciscomodel:jabberscope:gteversion:14.0

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:12.9.6.55898

Trust: 1.0

vendor:ciscomodel:jabberscope:gteversion:12.9

Trust: 1.0

vendor:ciscomodel:jabberscope:ltversion:14.0.1.55914

Trust: 1.0

vendor:シスコシステムズmodel:cisco jabberscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco jabberscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-001958 // NVD: CVE-2021-1570

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1570
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1570
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1570
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-1341
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374624
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1570
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1570
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374624
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1570
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1570
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-1570
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374624 // VULMON: CVE-2021-1570 // JVNDB: JVNDB-2021-001958 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1341 // NVD: CVE-2021-1570 // NVD: CVE-2021-1570

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-399

Trust: 1.0

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-374624 // JVNDB: JVNDB-2021-001958 // NVD: CVE-2021-1570

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1341

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:cisco-sa-jabber-GuC5mLwGurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-GuC5mLwG

Trust: 0.8

title:Cisco Jabber Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154430

Trust: 0.6

title:Cisco: Cisco Jabber Desktop and Mobile Client Software Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-jabber-GuC5mLwG

Trust: 0.1

sources: VULMON: CVE-2021-1570 // JVNDB: JVNDB-2021-001958 // CNNVD: CNNVD-202106-1341

EXTERNAL IDS

db:NVDid:CVE-2021-1570

Trust: 2.6

db:JVNDBid:JVNDB-2021-001958

Trust: 0.8

db:CNNVDid:CNNVD-202106-1341

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.2147

Trust: 0.6

db:CS-HELPid:SB2021061718

Trust: 0.6

db:VULHUBid:VHN-374624

Trust: 0.1

db:VULMONid:CVE-2021-1570

Trust: 0.1

sources: VULHUB: VHN-374624 // VULMON: CVE-2021-1570 // JVNDB: JVNDB-2021-001958 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1341 // NVD: CVE-2021-1570

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-jabber-guc5mlwg

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1570

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2147

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021061718

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374624 // VULMON: CVE-2021-1570 // JVNDB: JVNDB-2021-001958 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1341 // NVD: CVE-2021-1570

SOURCES

db:VULHUBid:VHN-374624
db:VULMONid:CVE-2021-1570
db:JVNDBid:JVNDB-2021-001958
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202106-1341
db:NVDid:CVE-2021-1570

LAST UPDATE DATE

2024-08-14T12:47:26.501000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374624date:2021-06-24T00:00:00
db:VULMONid:CVE-2021-1570date:2021-06-24T00:00:00
db:JVNDBid:JVNDB-2021-001958date:2021-07-06T02:54:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202106-1341date:2021-08-16T00:00:00
db:NVDid:CVE-2021-1570date:2023-11-07T03:28:39.600

SOURCES RELEASE DATE

db:VULHUBid:VHN-374624date:2021-06-16T00:00:00
db:VULMONid:CVE-2021-1570date:2021-06-16T00:00:00
db:JVNDBid:JVNDB-2021-001958date:2021-07-06T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202106-1341date:2021-06-16T00:00:00
db:NVDid:CVE-2021-1570date:2021-06-16T18:15:09.217