Details of VAR-202106-0904

ID

VAR-202106-0904

CVE

CVE-2021-1537

TITLE

Cisco ThousandEyes Recorder Vulnerability regarding inadequate protection of credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2021-007751

DESCRIPTION

A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the application installer. An attacker could exploit this vulnerability by downloading the installer and extracting its contents. A successful exploit could allow the attacker to access sensitive information that is included in the application installer. Cisco ThousandEyes Recorder Exists in an inadequate protection of credentials.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. ThousandEyes Recorder is a platform of the ThousandEyes company in the United States to solve cloud infrastructure failures and collaborate to solve performance degradation problems across different networks

Trust: 2.34

sources: NVD: CVE-2021-1537 // JVNDB: JVNDB-2021-007751 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374591 // VULMON: CVE-2021-1537

AFFECTED PRODUCTS

vendor:	cisco	model:	thousandeyes recorder	scope:	lt	version:	1.0.5	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco thousandeyes recorder	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco thousandeyes recorder	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007751 // NVD: CVE-2021-1537

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1537
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1537
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1537
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-121
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374591
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-1537
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1537
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374591
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1537
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1537
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1537
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374591 // VULMON: CVE-2021-1537 // JVNDB: JVNDB-2021-007751 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-121 // NVD: CVE-2021-1537 // NVD: CVE-2021-1537

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	Inadequate protection of credentials (CWE-522) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374591 // JVNDB: JVNDB-2021-007751 // NVD: CVE-2021-1537

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-121

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-121

PATCH

title:	cisco-sa-te-recorder-infodis-mx3ETTBM	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-recorder-infodis-mx3ETTBM	Trust: 0.8
title:	Cisco: Cisco ThousandEyes Recorder Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-te-recorder-infodis-mx3ETTBM	Trust: 0.1

sources: VULMON: CVE-2021-1537 // JVNDB: JVNDB-2021-007751

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1537	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-007751	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1906	Trust: 0.6
db:	CS-HELP	id:	SB2021060306	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-121	Trust: 0.6
db:	VULHUB	id:	VHN-374591	Trust: 0.1
db:	VULMON	id:	CVE-2021-1537	Trust: 0.1

sources: VULHUB: VHN-374591 // VULMON: CVE-2021-1537 // JVNDB: JVNDB-2021-007751 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-121 // NVD: CVE-2021-1537

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-te-recorder-infodis-mx3ettbm	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1537	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1906	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060306	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374591 // VULMON: CVE-2021-1537 // JVNDB: JVNDB-2021-007751 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-121 // NVD: CVE-2021-1537

SOURCES

db:	VULHUB	id:	VHN-374591
db:	VULMON	id:	CVE-2021-1537
db:	JVNDB	id:	JVNDB-2021-007751
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-121
db:	NVD	id:	CVE-2021-1537

LAST UPDATE DATE

2024-08-14T13:13:11.616000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374591	date:	2021-06-14T00:00:00
db:	VULMON	id:	CVE-2021-1537	date:	2021-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-007751	date:	2022-02-22T07:06:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-121	date:	2021-06-15T00:00:00
db:	NVD	id:	CVE-2021-1537	date:	2023-11-07T03:28:34.027

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374591	date:	2021-06-04T00:00:00
db:	VULMON	id:	CVE-2021-1537	date:	2021-06-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-007751	date:	2022-02-22T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-121	date:	2021-06-02T00:00:00
db:	NVD	id:	CVE-2021-1537	date:	2021-06-04T17:15:09.310