Details of VAR-202107-0424

ID

VAR-202107-0424

CVE

CVE-2021-1575

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco Virtualized Voice Browser is an application software of Cisco (Cisco). A virtualized voice browser

Trust: 1.62

sources: NVD: CVE-2021-1575 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374629 // VULMON: CVE-2021-1575

AFFECTED PRODUCTS

vendor:

cisco

model:

virtualized voice browser

scope:

version:

12.6\(1\)

Trust: 1.0

sources: NVD: CVE-2021-1575

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1575
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1575
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-367
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374629
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1575
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1575
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374629
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1575
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-374629 // VULMON: CVE-2021-1575 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-367 // NVD: CVE-2021-1575 // NVD: CVE-2021-1575

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.1

sources: VULHUB: VHN-374629 // NVD: CVE-2021-1575

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-367

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Cisco Virtualized Voice Browser Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156202	Trust: 0.6
title:	Cisco: Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vvb-xss-wG4zXRp3	Trust: 0.1

sources: VULMON: CVE-2021-1575 // CNNVD: CNNVD-202107-367

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1575	Trust: 1.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2335	Trust: 0.6
db:	CS-HELP	id:	SB2021070809	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-367	Trust: 0.6
db:	VULHUB	id:	VHN-374629	Trust: 0.1
db:	VULMON	id:	CVE-2021-1575	Trust: 0.1

sources: VULHUB: VHN-374629 // VULMON: CVE-2021-1575 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-367 // NVD: CVE-2021-1575

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vvb-xss-wg4zxrp3	Trust: 2.5
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2335	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1575	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021070809	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374629 // VULMON: CVE-2021-1575 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-367 // NVD: CVE-2021-1575

SOURCES

db:	VULHUB	id:	VHN-374629
db:	VULMON	id:	CVE-2021-1575
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-367
db:	NVD	id:	CVE-2021-1575

LAST UPDATE DATE

2024-08-14T12:46:54.556000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374629	date:	2021-07-12T00:00:00
db:	VULMON	id:	CVE-2021-1575	date:	2021-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-367	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-1575	date:	2023-11-07T03:28:40.310

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374629	date:	2021-07-08T00:00:00
db:	VULMON	id:	CVE-2021-1575	date:	2021-07-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-367	date:	2021-07-07T00:00:00
db:	NVD	id:	CVE-2021-1575	date:	2021-07-08T19:15:08.853