Details of VAR-202106-0906

ID

VAR-202106-0906

CVE

CVE-2021-1539

TITLE

Cisco ASR 5000 Unauthorized authentication vulnerability in series software

Trust: 0.8

sources: JVNDB: JVNDB-2021-001953

DESCRIPTION

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco ASR 5000 Series software (StarOS) Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco ASR 5000 is a 5000 series gateway product of Cisco (Cisco)

Trust: 2.34

sources: NVD: CVE-2021-1539 // JVNDB: JVNDB-2021-001953 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374593 // VULMON: CVE-2021-1539

AFFECTED PRODUCTS

vendor:	cisco	model:	staros	scope:	gte	version:	21.17.0	Trust: 1.0
vendor:	cisco	model:	staros	scope:	gte	version:	21.18.0	Trust: 1.0
vendor:	cisco	model:	staros	scope:	gte	version:	21.20.0	Trust: 1.0
vendor:	cisco	model:	staros	scope:	lt	version:	21.17.10	Trust: 1.0
vendor:	cisco	model:	staros	scope:	lt	version:	21.19.n7	Trust: 1.0
vendor:	cisco	model:	virtualized packet core	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	staros	scope:	lt	version:	21.18.16	Trust: 1.0
vendor:	cisco	model:	staros	scope:	lt	version:	21.20.8	Trust: 1.0
vendor:	cisco	model:	staros	scope:	lt	version:	21.16.9	Trust: 1.0
vendor:	cisco	model:	staros	scope:	lt	version:	21.19.11	Trust: 1.0
vendor:	cisco	model:	staros	scope:	gte	version:	21.19.n	Trust: 1.0
vendor:	cisco	model:	staros	scope:	gte	version:	21.19.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco staros	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco virtualized packet core	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-001953 // NVD: CVE-2021-1539

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1539
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1539
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1539
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-124
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374593
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1539
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1539
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374593
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1539
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1539
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1539
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374593 // VULMON: CVE-2021-1539 // JVNDB: JVNDB-2021-001953 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-124 // NVD: CVE-2021-1539 // NVD: CVE-2021-1539

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.1
problemtype:	Bad authentication (CWE-863) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374593 // JVNDB: JVNDB-2021-001953 // NVD: CVE-2021-1539

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-124

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-asr5k-autho-bypass-mJDF5S7n	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n	Trust: 0.8
title:	Cisco: Cisco ASR 5000 Series Software Authorization Bypass Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-asr5k-autho-bypass-mJDF5S7n	Trust: 0.1

sources: VULMON: CVE-2021-1539 // JVNDB: JVNDB-2021-001953

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1539	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-001953	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021060213	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1903	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-124	Trust: 0.6
db:	VULHUB	id:	VHN-374593	Trust: 0.1
db:	VULMON	id:	CVE-2021-1539	Trust: 0.1

sources: VULHUB: VHN-374593 // VULMON: CVE-2021-1539 // JVNDB: JVNDB-2021-001953 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-124 // NVD: CVE-2021-1539

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asr5k-autho-bypass-mjdf5s7n	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1539	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asr-5000-privilege-escalation-via-authorization-bypass-35593	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060213	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1903	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374593 // VULMON: CVE-2021-1539 // JVNDB: JVNDB-2021-001953 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-124 // NVD: CVE-2021-1539

SOURCES

db:	VULHUB	id:	VHN-374593
db:	VULMON	id:	CVE-2021-1539
db:	JVNDB	id:	JVNDB-2021-001953
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-124
db:	NVD	id:	CVE-2021-1539

LAST UPDATE DATE

2024-08-14T12:17:51.606000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374593	date:	2021-06-14T00:00:00
db:	VULMON	id:	CVE-2021-1539	date:	2021-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-001953	date:	2021-07-06T02:54:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-124	date:	2021-06-15T00:00:00
db:	NVD	id:	CVE-2021-1539	date:	2023-11-07T03:28:34.363

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374593	date:	2021-06-04T00:00:00
db:	VULMON	id:	CVE-2021-1539	date:	2021-06-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-001953	date:	2021-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-124	date:	2021-06-02T00:00:00
db:	NVD	id:	CVE-2021-1539	date:	2021-06-04T17:15:09.757