ID

VAR-202107-0424


CVE

CVE-2021-1575


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; follow CNNVD or manufacturer announcements. Cisco Virtualized Voice Browser is application software from Cisco. A virtualized voice browser

Trust: 1.62

sources: NVD: CVE-2021-1575 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374629 // VULMON: CVE-2021-1575

AFFECTED PRODUCTS

vendor: cisco, model: virtualized voice browser, scope: lt, version: 12.6(1)

Trust: 1.0

sources: NVD: CVE-2021-1575

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-1575
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1575
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-367
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374629
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1575
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-1575
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374629
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-1575
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-374629 // VULMON: CVE-2021-1575 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-367 // NVD: CVE-2021-1575 // NVD: CVE-2021-1575

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

sources: VULHUB: VHN-374629 // NVD: CVE-2021-1575

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-367

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Cisco Virtualized Voice Browser Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156202

Trust: 0.6

title: Cisco: Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vvb-xss-wG4zXRp3

Trust: 0.1

sources: VULMON: CVE-2021-1575 // CNNVD: CNNVD-202107-367

EXTERNAL IDS

db: NVD, id: CVE-2021-1575

Trust: 1.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.2335

Trust: 0.6

db: CS-HELP, id: SB2021070809

Trust: 0.6

db: CNNVD, id: CNNVD-202107-367

Trust: 0.6

db: VULHUB, id: VHN-374629

Trust: 0.1

db: VULMON, id: CVE-2021-1575

Trust: 0.1

sources: VULHUB: VHN-374629 // VULMON: CVE-2021-1575 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-367 // NVD: CVE-2021-1575

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vvb-xss-wg4zxrp3

Trust: 2.5

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.2335

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-1575

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021070809

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374629 // VULMON: CVE-2021-1575 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-367 // NVD: CVE-2021-1575

SOURCES

db: VULHUB, id: VHN-374629
db: VULMON, id: CVE-2021-1575
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202107-367
db: NVD, id: CVE-2021-1575

LAST UPDATE DATE

2024-08-14T12:46:54.556000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374629, date: 2021-07-12T00:00:00
db: VULMON, id: CVE-2021-1575, date: 2021-07-12T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202107-367, date: 2021-08-24T00:00:00
db: NVD, id: CVE-2021-1575, date: 2023-11-07T03:28:40.310

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374629, date: 2021-07-08T00:00:00
db: VULMON, id: CVE-2021-1575, date: 2021-07-08T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202107-367, date: 2021-07-07T00:00:00
db: NVD, id: CVE-2021-1575, date: 2021-07-08T19:15:08.853