ID

VAR-202107-0442


CVE

CVE-2021-1618


TITLE

Input validation vulnerability in Cisco Intersight Virtual Appliance

Trust: 0.8

sources: JVNDB: JVNDB-2021-010203

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following: execute a command using crafted input; upload a file that has been altered using path traversal techniques. A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

Cisco Intersight Virtual Appliance contains an input validation vulnerability. Information may be obtained or tampered with, and the system may be placed in a denial-of-service (DoS) state.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.34

sources: NVD: CVE-2021-1618 // JVNDB: JVNDB-2021-010203 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374672 // VULMON: CVE-2021-1618

AFFECTED PRODUCTS

vendor: cisco, model: intersight virtual appliance, scope: lt, version: 1.0.9-292

Trust: 1.0

vendor: Cisco Systems, model: cisco intersight virtual appliance, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco intersight virtual appliance, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010203 // NVD: CVE-2021-1618

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1618
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1618
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1618
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202107-1702
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374672
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1618
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1618
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374672
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1618
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1618
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-1618
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374672 // VULMON: CVE-2021-1618 // JVNDB: JVNDB-2021-010203 // CNNVD: CNNVD-202107-1702 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1618 // NVD: CVE-2021-1618

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.1

problemtype: CWE-36

Trust: 1.0

problemtype: Improper Input Validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-374672 // JVNDB: JVNDB-2021-010203 // NVD: CVE-2021-1618

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1702

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202107-1702

PATCH

title: cisco-sa-ucsi2-dtcinj-yH5U4RSx, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx

Trust: 0.8

title: Cisco Intersight input validation error vulnerability fix, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=158623

Trust: 0.6

title: Cisco: Cisco Intersight Virtual Appliance Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ucsi2-dtcinj-yH5U4RSx

Trust: 0.1

title: -, url: https://github.com/Live-Hack-CVE/CVE-2021-1618

Trust: 0.1

sources: VULMON: CVE-2021-1618 // JVNDB: JVNDB-2021-010203 // CNNVD: CNNVD-202107-1702

EXTERNAL IDS

db: NVD, id: CVE-2021-1618

Trust: 3.4

db: JVNDB, id: JVNDB-2021-010203

Trust: 0.8

db: CS-HELP, id: SB2021072230

Trust: 0.6

db: AUSCERT, id: ESB-2021.2478

Trust: 0.6

db: CNNVD, id: CNNVD-202107-1702

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-374672

Trust: 0.1

db: VULMON, id: CVE-2021-1618

Trust: 0.1

sources: VULHUB: VHN-374672 // VULMON: CVE-2021-1618 // JVNDB: JVNDB-2021-010203 // CNNVD: CNNVD-202107-1702 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1618

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucsi2-dtcinj-yh5u4rsx

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1618

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021072230

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2478

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2021-1618

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374672 // VULMON: CVE-2021-1618 // JVNDB: JVNDB-2021-010203 // CNNVD: CNNVD-202107-1702 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1618

SOURCES

db: VULHUB, id: VHN-374672
db: VULMON, id: CVE-2021-1618
db: JVNDB, id: JVNDB-2021-010203
db: CNNVD, id: CNNVD-202107-1702
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-1618

LAST UPDATE DATE

2024-08-14T13:14:19.985000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374672, date: 2022-10-24T00:00:00
db: VULMON, id: CVE-2021-1618, date: 2022-10-24T00:00:00
db: JVNDB, id: JVNDB-2021-010203, date: 2022-06-24T03:09:00
db: CNNVD, id: CNNVD-202107-1702, date: 2022-10-25T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-1618, date: 2023-11-07T03:28:47.983

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374672, date: 2021-07-22T00:00:00
db: VULMON, id: CVE-2021-1618, date: 2021-07-22T00:00:00
db: JVNDB, id: JVNDB-2021-010203, date: 2022-06-24T00:00:00
db: CNNVD, id: CNNVD-202107-1702, date: 2021-07-22T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-1618, date: 2021-07-22T16:15:08.980