Details of VAR-202107-0962

ID

VAR-202107-0962

CVE

CVE-2021-34700

TITLE

Cisco SD-WAN vManage Inadequate protection of credentials in software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-010123

DESCRIPTION

A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficiently controlled. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the web UI of an affected system. Cisco SD-WAN vManage The software contains vulnerabilities in inadequate protection of credentials.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco

Trust: 2.34

sources: NVD: CVE-2021-34700 // JVNDB: JVNDB-2021-010123 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-394942 // VULMON: CVE-2021-34700

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.5.0	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010123 // NVD: CVE-2021-34700

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34700
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34700
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-34700
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202107-1691
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-394942
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-34700
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-34700
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-394942
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-34700
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2021-34700
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-394942 // VULMON: CVE-2021-34700 // JVNDB: JVNDB-2021-010123 // CNNVD: CNNVD-202107-1691 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34700 // NVD: CVE-2021-34700

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	Inadequate protection of credentials (CWE-522) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-394942 // JVNDB: JVNDB-2021-010123 // NVD: CVE-2021-34700

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1691

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202107-1691 // CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-sdwan-vmanage-infdis-LggOP9sE	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-infdis-LggOP9sE	Trust: 0.8
title:	Cisco SD-WAN vManage Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157297	Trust: 0.6
title:	Cisco: Cisco SD-WAN vManage Software Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-vmanage-infdis-LggOP9sE	Trust: 0.1

sources: VULMON: CVE-2021-34700 // JVNDB: JVNDB-2021-010123 // CNNVD: CNNVD-202107-1691

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34700	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-010123	Trust: 0.8
db:	CNNVD	id:	CNNVD-202107-1691	Trust: 0.7
db:	CS-HELP	id:	SB2021072234	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-394942	Trust: 0.1
db:	VULMON	id:	CVE-2021-34700	Trust: 0.1

sources: VULHUB: VHN-394942 // VULMON: CVE-2021-34700 // JVNDB: JVNDB-2021-010123 // CNNVD: CNNVD-202107-1691 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34700

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-vmanage-infdis-lggop9se	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34700	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021072234	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-394942 // VULMON: CVE-2021-34700 // JVNDB: JVNDB-2021-010123 // CNNVD: CNNVD-202107-1691 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34700

SOURCES

db:	VULHUB	id:	VHN-394942
db:	VULMON	id:	CVE-2021-34700
db:	JVNDB	id:	JVNDB-2021-010123
db:	CNNVD	id:	CNNVD-202107-1691
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-34700

LAST UPDATE DATE

2024-08-14T12:34:26.409000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-394942	date:	2021-08-02T00:00:00
db:	VULMON	id:	CVE-2021-34700	date:	2021-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-010123	date:	2022-06-22T02:01:00
db:	CNNVD	id:	CNNVD-202107-1691	date:	2021-08-03T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-34700	date:	2023-11-07T03:36:05.920

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-394942	date:	2021-07-22T00:00:00
db:	VULMON	id:	CVE-2021-34700	date:	2021-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-010123	date:	2022-06-22T00:00:00
db:	CNNVD	id:	CNNVD-202107-1691	date:	2021-07-21T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-34700	date:	2021-07-22T16:15:09.300