ID

VAR-202107-0581


CVE

CVE-2021-1518


TITLE

Cisco Firepower Device Manager On-Box Software  Code injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-010205

DESCRIPTION

A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. This vulnerability is due to insufficient sanitization of user input on specific REST API commands. An attacker could exploit this vulnerability by sending a crafted HTTP request to the API subsystem of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system. To exploit this vulnerability, an attacker would need valid low-privileged user credentials. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco Firepower Device Manager (FDM) is a firewall device manager of Cisco (Cisco). The product supports access rule configuration, system monitoring and other functions

Trust: 2.34

sources: NVD: CVE-2021-1518 // JVNDB: JVNDB-2021-010205 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374572 // VULMON: CVE-2021-1518

AFFECTED PRODUCTS

vendor:ciscomodel:firepower device manager on-boxscope:ltversion:6.4.0

Trust: 1.0

vendor:ciscomodel:firepower device manager on-boxscope:ltversion:6.7.0.2

Trust: 1.0

vendor:ciscomodel:firepower device manager on-boxscope:gteversion:6.5.0

Trust: 1.0

vendor:ciscomodel:firepower device manager on-boxscope:gteversion:6.3.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco firepower device manager on-box ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco firepower device manager on-box ソフトウェアscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco firepower device manager on-box ソフトウェアscope:eqversion:cisco firepower device manager on-box software

Trust: 0.8

sources: JVNDB: JVNDB-2021-010205 // NVD: CVE-2021-1518

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1518
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1518
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1518
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202107-1695
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374572
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1518
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374572
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1518
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1518
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-1518
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374572 // JVNDB: JVNDB-2021-010205 // CNNVD: CNNVD-202107-1695 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1518 // NVD: CVE-2021-1518

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.1

problemtype:Code injection (CWE-94) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-374572 // JVNDB: JVNDB-2021-010205 // NVD: CVE-2021-1518

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1695

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-202107-1695

PATCH

title:cisco-sa-fdm-rce-Rx6vVurqurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fdm-rce-Rx6vVurq

Trust: 0.8

title:Cisco Firepower Device Manager Fixes for code injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158621

Trust: 0.6

title:Cisco: Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-fdm-rce-Rx6vVurq

Trust: 0.1

sources: VULMON: CVE-2021-1518 // JVNDB: JVNDB-2021-010205 // CNNVD: CNNVD-202107-1695

EXTERNAL IDS

db:NVDid:CVE-2021-1518

Trust: 3.4

db:JVNDBid:JVNDB-2021-010205

Trust: 0.8

db:CNNVDid:CNNVD-202107-1695

Trust: 0.7

db:AUSCERTid:ESB-2021.2482

Trust: 0.6

db:CS-HELPid:SB2021072232

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:VULHUBid:VHN-374572

Trust: 0.1

db:VULMONid:CVE-2021-1518

Trust: 0.1

sources: VULHUB: VHN-374572 // VULMON: CVE-2021-1518 // JVNDB: JVNDB-2021-010205 // CNNVD: CNNVD-202107-1695 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1518

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fdm-rce-rx6vvurq

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1518

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.2482

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072232

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374572 // VULMON: CVE-2021-1518 // JVNDB: JVNDB-2021-010205 // CNNVD: CNNVD-202107-1695 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1518

SOURCES

db:VULHUBid:VHN-374572
db:VULMONid:CVE-2021-1518
db:JVNDBid:JVNDB-2021-010205
db:CNNVDid:CNNVD-202107-1695
db:CNNVDid:CNNVD-202104-975
db:NVDid:CVE-2021-1518

LAST UPDATE DATE

2024-08-14T12:49:53.237000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374572date:2021-08-03T00:00:00
db:VULMONid:CVE-2021-1518date:2021-07-22T00:00:00
db:JVNDBid:JVNDB-2021-010205date:2022-06-24T05:24:00
db:CNNVDid:CNNVD-202107-1695date:2021-08-04T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:NVDid:CVE-2021-1518date:2023-11-07T03:28:30.060

SOURCES RELEASE DATE

db:VULHUBid:VHN-374572date:2021-07-22T00:00:00
db:VULMONid:CVE-2021-1518date:2021-07-22T00:00:00
db:JVNDBid:JVNDB-2021-010205date:2022-06-24T00:00:00
db:CNNVDid:CNNVD-202107-1695date:2021-07-21T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:NVDid:CVE-2021-1518date:2021-07-22T16:15:07.897