Details of VAR-202107-0441

ID

VAR-202107-0441

CVE

CVE-2021-1617

TITLE

Cisco Intersight Virtual Appliance Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-010209

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: Execute a command using crafted input Upload a file that has been altered using path traversal techniques A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Intersight Virtual Appliance There is an input validation vulnerability in.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-1617 // JVNDB: JVNDB-2021-010209 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374671 // VULMON: CVE-2021-1617

AFFECTED PRODUCTS

vendor:	cisco	model:	intersight virtual appliance	scope:	lt	version:	1.0.9-292	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco intersight virtual appliance	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco intersight virtual appliance	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010209 // NVD: CVE-2021-1617

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1617
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1617
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1617
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202107-1703
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374671
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1617
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1617
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374671
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1617
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	5.2
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1617
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374671 // VULMON: CVE-2021-1617 // JVNDB: JVNDB-2021-010209 // CNNVD: CNNVD-202107-1703 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1617 // NVD: CVE-2021-1617

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	CWE-36	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374671 // JVNDB: JVNDB-2021-010209 // NVD: CVE-2021-1617

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1703

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202107-1703

PATCH

title:	cisco-sa-ucsi2-dtcinj-yH5U4RSx	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx	Trust: 0.8
title:	Cisco Intersight Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=158624	Trust: 0.6
title:	Cisco: Cisco Intersight Virtual Appliance Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ucsi2-dtcinj-yH5U4RSx	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2021-1617	Trust: 0.1

sources: VULMON: CVE-2021-1617 // JVNDB: JVNDB-2021-010209 // CNNVD: CNNVD-202107-1703

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1617	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-010209	Trust: 0.8
db:	CS-HELP	id:	SB2021072230	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2478	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-1703	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-374671	Trust: 0.1
db:	VULMON	id:	CVE-2021-1617	Trust: 0.1

sources: VULHUB: VHN-374671 // VULMON: CVE-2021-1617 // JVNDB: JVNDB-2021-010209 // CNNVD: CNNVD-202107-1703 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1617

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucsi2-dtcinj-yh5u4rsx	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1617	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021072230	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2478	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2021-1617	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374671 // VULMON: CVE-2021-1617 // JVNDB: JVNDB-2021-010209 // CNNVD: CNNVD-202107-1703 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1617

SOURCES

db:	VULHUB	id:	VHN-374671
db:	VULMON	id:	CVE-2021-1617
db:	JVNDB	id:	JVNDB-2021-010209
db:	CNNVD	id:	CNNVD-202107-1703
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-1617

LAST UPDATE DATE

2024-08-14T12:56:57.198000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374671	date:	2022-10-24T00:00:00
db:	VULMON	id:	CVE-2021-1617	date:	2022-10-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-010209	date:	2022-06-24T05:24:00
db:	CNNVD	id:	CNNVD-202107-1703	date:	2022-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-1617	date:	2023-11-07T03:28:47.793

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374671	date:	2021-07-22T00:00:00
db:	VULMON	id:	CVE-2021-1617	date:	2021-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-010209	date:	2022-06-24T00:00:00
db:	CNNVD	id:	CNNVD-202107-1703	date:	2021-07-22T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-1617	date:	2021-07-22T16:15:08.827