Details of VAR-202107-0433

ID

VAR-202107-0433

CVE

CVE-2021-1600

TITLE

Cisco Intersight Virtual Appliance Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-010207

DESCRIPTION

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device. Cisco Intersight Virtual Appliance There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco Intersight is an application platform of Cisco (Cisco). Provides a level of intelligent management that enables IT organizations to analyze, simplify and automate their environments in a more advanced manner than previous generations of tools

Trust: 2.34

sources: NVD: CVE-2021-1600 // JVNDB: JVNDB-2021-010207 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374654 // VULMON: CVE-2021-1600

AFFECTED PRODUCTS

vendor:	cisco	model:	intersight virtual appliance	scope:	eq	version:	1.0\(1\)	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco intersight virtual appliance	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco intersight virtual appliance	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010207 // NVD: CVE-2021-1600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1600
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1600
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1600
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-1699
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374654
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1600
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374654
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1600
baseSeverity:	HIGH
baseScore:	8.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.5
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1600
baseSeverity:	HIGH
baseScore:	8.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374654 // JVNDB: JVNDB-2021-010207 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1699 // NVD: CVE-2021-1600 // NVD: CVE-2021-1600

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-010207 // NVD: CVE-2021-1600

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1699

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1699

PATCH

title:	cisco-sa-ucsi2-iptaclbp-L8Dzs8m8	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8	Trust: 0.8
title:	Cisco Intersight Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158622	Trust: 0.6
title:	Cisco: Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ucsi2-iptaclbp-L8Dzs8m8	Trust: 0.1

sources: VULMON: CVE-2021-1600 // JVNDB: JVNDB-2021-010207 // CNNVD: CNNVD-202107-1699

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1600	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-010207	Trust: 0.8
db:	CNNVD	id:	CNNVD-202107-1699	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2476	Trust: 0.6
db:	CS-HELP	id:	SB2021072230	Trust: 0.6
db:	VULHUB	id:	VHN-374654	Trust: 0.1
db:	VULMON	id:	CVE-2021-1600	Trust: 0.1

sources: VULHUB: VHN-374654 // VULMON: CVE-2021-1600 // JVNDB: JVNDB-2021-010207 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1699 // NVD: CVE-2021-1600

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucsi2-iptaclbp-l8dzs8m8	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1600	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072230	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2476	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374654 // VULMON: CVE-2021-1600 // JVNDB: JVNDB-2021-010207 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1699 // NVD: CVE-2021-1600

SOURCES

db:	VULHUB	id:	VHN-374654
db:	VULMON	id:	CVE-2021-1600
db:	JVNDB	id:	JVNDB-2021-010207
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-1699
db:	NVD	id:	CVE-2021-1600

LAST UPDATE DATE

2024-08-14T13:07:53.778000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374654	date:	2022-07-15T00:00:00
db:	VULMON	id:	CVE-2021-1600	date:	2021-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-010207	date:	2022-06-24T05:24:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-1699	date:	2022-07-18T00:00:00
db:	NVD	id:	CVE-2021-1600	date:	2023-11-07T03:28:45.137

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374654	date:	2021-07-22T00:00:00
db:	VULMON	id:	CVE-2021-1600	date:	2021-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-010207	date:	2022-06-24T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-1699	date:	2021-07-21T00:00:00
db:	NVD	id:	CVE-2021-1600	date:	2021-07-22T16:15:08.330