ID

VAR-202107-0962


CVE

CVE-2021-34700


TITLE

Cisco SD-WAN vManage Software inadequate protection of credentials vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-010123

DESCRIPTION

A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficiently controlled. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the web UI of an affected system. Cisco SD-WAN vManage Software contains an inadequate protection of credentials vulnerability. Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Cisco SD-WAN vManage Software is management software for Cisco's SD-WAN (Software-Defined Wide Area Network) solutions.

Trust: 2.34

sources: NVD: CVE-2021-34700 // JVNDB: JVNDB-2021-010123 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-394942 // VULMON: CVE-2021-34700

AFFECTED PRODUCTS

vendor: cisco, model: sd-wan vmanage, scope: lt, version: 20.4.2

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: gte, version: 20.5.0

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: lt, version: 20.5.1

Trust: 1.0

vendor: シスコシステムズ, model: cisco sd-wan vmanage, scope: -, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco sd-wan vmanage, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010123 // NVD: CVE-2021-34700

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34700
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34700
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34700
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202107-1691
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-394942
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-34700
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34700
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-394942
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34700
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-34700
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-394942 // VULMON: CVE-2021-34700 // JVNDB: JVNDB-2021-010123 // CNNVD: CNNVD-202107-1691 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34700 // NVD: CVE-2021-34700

PROBLEMTYPE DATA

problemtype: CWE-522

Trust: 1.1

problemtype: Inadequate protection of credentials (CWE-522) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-394942 // JVNDB: JVNDB-2021-010123 // NVD: CVE-2021-34700

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1691

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202107-1691 // CNNVD: CNNVD-202104-975

PATCH

title: cisco-sa-sdwan-vmanage-infdis-LggOP9sE, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-infdis-LggOP9sE

Trust: 0.8

title: Cisco SD-WAN vManage Software Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157297

Trust: 0.6

title: Cisco: Cisco SD-WAN vManage Software Information Disclosure Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-vmanage-infdis-LggOP9sE

Trust: 0.1

sources: VULMON: CVE-2021-34700 // JVNDB: JVNDB-2021-010123 // CNNVD: CNNVD-202107-1691

EXTERNAL IDS

db: NVD, id: CVE-2021-34700

Trust: 3.4

db: JVNDB, id: JVNDB-2021-010123

Trust: 0.8

db: CNNVD, id: CNNVD-202107-1691

Trust: 0.7

db: CS-HELP, id: SB2021072234

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-394942

Trust: 0.1

db: VULMON, id: CVE-2021-34700

Trust: 0.1

sources: VULHUB: VHN-394942 // VULMON: CVE-2021-34700 // JVNDB: JVNDB-2021-010123 // CNNVD: CNNVD-202107-1691 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34700

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-vmanage-infdis-lggop9se

Trust: 1.9

url: https://nvd.nist.gov/vuln/detail/cve-2021-34700

Trust: 1.4

url: https://www.cybersecurity-help.cz/vdb/sb2021072234

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-394942 // VULMON: CVE-2021-34700 // JVNDB: JVNDB-2021-010123 // CNNVD: CNNVD-202107-1691 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34700

SOURCES

db: VULHUB, id: VHN-394942
db: VULMON, id: CVE-2021-34700
db: JVNDB, id: JVNDB-2021-010123
db: CNNVD, id: CNNVD-202107-1691
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-34700

LAST UPDATE DATE

2024-08-14T12:34:26.409000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-394942, date: 2021-08-02T00:00:00
db: VULMON, id: CVE-2021-34700, date: 2021-08-02T00:00:00
db: JVNDB, id: JVNDB-2021-010123, date: 2022-06-22T02:01:00
db: CNNVD, id: CNNVD-202107-1691, date: 2021-08-03T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-34700, date: 2023-11-07T03:36:05.920

SOURCES RELEASE DATE

db: VULHUB, id: VHN-394942, date: 2021-07-22T00:00:00
db: VULMON, id: CVE-2021-34700, date: 2021-07-22T00:00:00
db: JVNDB, id: JVNDB-2021-010123, date: 2022-06-22T00:00:00
db: CNNVD, id: CNNVD-202107-1691, date: 2021-07-21T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-34700, date: 2021-07-22T16:15:09.300