ID

VAR-202107-0427


CVE

CVE-2021-1562


TITLE

Cisco BroadWorks Application Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202107-326

DESCRIPTION

A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the XSI-Actions interface. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to join a Call Center instance and have calls that they do not have permissions to access distributed to them from the Call Center queue. At the time of publication, Cisco had not released updates that address this vulnerability for Cisco BroadWorks Application Server. However, firmware patches are available. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. Cisco BroadWorks Application is an enterprise-level calling and collaboration platform from Cisco.

Trust: 1.62

sources: NVD: CVE-2021-1562 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374616 // VULMON: CVE-2021-1562

AFFECTED PRODUCTS

vendor: cisco // model: broadworks application server // scope: lt // version: 24.0.2020.08

Trust: 1.0

vendor: cisco // model: broadworks application server // scope: lt // version: 22.0.2020.08

Trust: 1.0

vendor: cisco // model: broadworks application server // scope: gte // version: 22.0

Trust: 1.0

vendor: cisco // model: broadworks application server // scope: gte // version: 24.0

Trust: 1.0

vendor: cisco // model: broadworks application server // scope: lt // version: 23.0.2020.08

Trust: 1.0

vendor: cisco // model: broadworks application server // scope: gte // version: 23.0

Trust: 1.0

sources: NVD: CVE-2021-1562

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1562
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1562
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202107-326
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374616
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1562
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1562
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374616
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1562
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-374616 // VULMON: CVE-2021-1562 // CNNVD: CNNVD-202107-326 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1562 // NVD: CVE-2021-1562

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-200

Trust: 1.1

sources: VULHUB: VHN-374616 // NVD: CVE-2021-1562

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-326

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202107-326

PATCH

title: Cisco: Cisco BroadWorks Application Server Information Disclosure Vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-broad-as-inf-disc-ZUXGFFXQ

Trust: 0.1

sources: VULMON: CVE-2021-1562

EXTERNAL IDS

db: NVD // id: CVE-2021-1562

Trust: 1.8

db: AUSCERT // id: ESB-2021.2326

Trust: 0.6

db: CS-HELP // id: SB2021070814

Trust: 0.6

db: CNNVD // id: CNNVD-202107-326

Trust: 0.6

db: CS-HELP // id: SB2021041363

Trust: 0.6

db: CNNVD // id: CNNVD-202104-975

Trust: 0.6

db: VULHUB // id: VHN-374616

Trust: 0.1

db: VULMON // id: CVE-2021-1562

Trust: 0.1

sources: VULHUB: VHN-374616 // VULMON: CVE-2021-1562 // CNNVD: CNNVD-202107-326 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1562

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-broad-as-inf-disc-zuxgffxq

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1562

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021070814

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2326

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374616 // VULMON: CVE-2021-1562 // CNNVD: CNNVD-202107-326 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1562

SOURCES

db: VULHUB // id: VHN-374616
db: VULMON // id: CVE-2021-1562
db: CNNVD // id: CNNVD-202107-326
db: CNNVD // id: CNNVD-202104-975
db: NVD // id: CVE-2021-1562

LAST UPDATE DATE

2024-08-14T12:47:05.277000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-374616 // date: 2022-10-21T00:00:00
db: VULMON // id: CVE-2021-1562 // date: 2021-07-12T00:00:00
db: CNNVD // id: CNNVD-202107-326 // date: 2022-10-24T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-14T00:00:00
db: NVD // id: CVE-2021-1562 // date: 2023-11-07T03:28:38.153

SOURCES RELEASE DATE

db: VULHUB // id: VHN-374616 // date: 2021-07-08T00:00:00
db: VULMON // id: CVE-2021-1562 // date: 2021-07-08T00:00:00
db: CNNVD // id: CNNVD-202107-326 // date: 2021-07-07T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-13T00:00:00
db: NVD // id: CVE-2021-1562 // date: 2021-07-08T19:15:08.457