ID

VAR-202107-0434


CVE

CVE-2021-1601


TITLE

Authentication vulnerability in Cisco Intersight Virtual Appliance

Trust: 0.8

sources: JVNDB: JVNDB-2021-010334

DESCRIPTION

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device. Cisco Intersight Virtual Appliance contains an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Cisco Intersight is an application platform from Cisco. It provides a level of intelligent management that enables IT organizations to analyze, simplify and automate their environments in a more advanced manner than previous generations of tools.

Trust: 2.34

sources: NVD: CVE-2021-1601 // JVNDB: JVNDB-2021-010334 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374655 // VULMON: CVE-2021-1601

AFFECTED PRODUCTS

vendor: cisco, model: intersight virtual appliance, scope: eq, version: 1.0(1)

Trust: 1.0

vendor: Cisco Systems, model: cisco intersight virtual appliance, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco intersight virtual appliance, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010334 // NVD: CVE-2021-1601

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1601
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1601
value: HIGH

Trust: 1.0

NVD: CVE-2021-1601
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-1697
value: HIGH

Trust: 0.6

VULHUB: VHN-374655
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1601
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374655
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1601
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.5
version: 3.1

Trust: 2.0

NVD: CVE-2021-1601
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374655 // JVNDB: JVNDB-2021-010334 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1697 // NVD: CVE-2021-1601 // NVD: CVE-2021-1601

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:Improper authentication (CWE-287) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-010334 // NVD: CVE-2021-1601

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1697

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1697

PATCH

title: cisco-sa-ucsi2-iptaclbp-L8Dzs8m8, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8

Trust: 0.8

title: Cisco Intersight Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158813

Trust: 0.6

title: Cisco: Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ucsi2-iptaclbp-L8Dzs8m8

Trust: 0.1

sources: VULMON: CVE-2021-1601 // JVNDB: JVNDB-2021-010334 // CNNVD: CNNVD-202107-1697

EXTERNAL IDS

db: NVD, id: CVE-2021-1601

Trust: 3.4

db: JVNDB, id: JVNDB-2021-010334

Trust: 0.8

db: CNNVD, id: CNNVD-202107-1697

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.2476

Trust: 0.6

db: CS-HELP, id: SB2021072230

Trust: 0.6

db: VULHUB, id: VHN-374655

Trust: 0.1

db: VULMON, id: CVE-2021-1601

Trust: 0.1

sources: VULHUB: VHN-374655 // VULMON: CVE-2021-1601 // JVNDB: JVNDB-2021-010334 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1697 // NVD: CVE-2021-1601

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucsi2-iptaclbp-l8dzs8m8

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1601

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072230

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2476

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374655 // VULMON: CVE-2021-1601 // JVNDB: JVNDB-2021-010334 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1697 // NVD: CVE-2021-1601

SOURCES

db: VULHUB, id: VHN-374655
db: VULMON, id: CVE-2021-1601
db: JVNDB, id: JVNDB-2021-010334
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202107-1697
db: NVD, id: CVE-2021-1601

LAST UPDATE DATE

2024-08-14T12:36:36.593000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374655, date: 2022-07-15T00:00:00
db: VULMON, id: CVE-2021-1601, date: 2021-07-22T00:00:00
db: JVNDB, id: JVNDB-2021-010334, date: 2022-06-29T06:05:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202107-1697, date: 2022-07-18T00:00:00
db: NVD, id: CVE-2021-1601, date: 2023-11-07T03:28:45.297

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374655, date: 2021-07-22T00:00:00
db: VULMON, id: CVE-2021-1601, date: 2021-07-22T00:00:00
db: JVNDB, id: JVNDB-2021-010334, date: 2022-06-29T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202107-1697, date: 2021-07-21T00:00:00
db: NVD, id: CVE-2021-1601, date: 2021-07-22T16:15:08.487