ID

VAR-202108-0310


CVE

CVE-2021-1572


TITLE

ConfD  Vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2021-009748

DESCRIPTION

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released. ConfD Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco ConfD is a management software of Cisco (Cisco)

Trust: 2.34

sources: NVD: CVE-2021-1572 // JVNDB: JVNDB-2021-009748 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374626 // VULMON: CVE-2021-1572

AFFECTED PRODUCTS

vendor:ciscomodel:confdscope:gteversion:7.5

Trust: 1.0

vendor:ciscomodel:network services orchestratorscope:lteversion:5.4.3.1

Trust: 1.0

vendor:ciscomodel:network services orchestratorscope:gteversion:5.5

Trust: 1.0

vendor:ciscomodel:confdscope:lteversion:7.4.3

Trust: 1.0

vendor:ciscomodel:confdscope:gteversion:7.4

Trust: 1.0

vendor:ciscomodel:network services orchestratorscope:gteversion:5.4

Trust: 1.0

vendor:ciscomodel:confdscope:lteversion:7.5.2

Trust: 1.0

vendor:ciscomodel:network services orchestratorscope:lteversion:5.5.2.2

Trust: 1.0

vendor:シスコシステムズmodel:cisco network services orchestratorscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:confdscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-009748 // NVD: CVE-2021-1572

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1572
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1572
value: HIGH

Trust: 1.0

NVD: CVE-2021-1572
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-419
value: HIGH

Trust: 0.6

VULHUB: VHN-374626
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1572
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1572
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374626
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1572
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-1572
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374626 // VULMON: CVE-2021-1572 // JVNDB: JVNDB-2021-009748 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-419 // NVD: CVE-2021-1572 // NVD: CVE-2021-1572

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-266

Trust: 1.0

problemtype:Improper authority management (CWE-269) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-374626 // JVNDB: JVNDB-2021-009748 // NVD: CVE-2021-1572

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-419

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-419

PATCH

title:cisco-sa-confd-priv-esc-LsGtCRx4 Cisco Security Advisoryurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass

Trust: 0.8

title:Cisco ConfD Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158943

Trust: 0.6

title:Cisco: Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-nso-priv-esc-XXqRtTfT

Trust: 0.1

title:Cisco: ConfD CLI Secure Shell Server Privilege Escalation Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-confd-priv-esc-LsGtCRx4

Trust: 0.1

title:Threatposturl:https://threatpost.com/critical-cisco-bug-vpn-routers/168449/

Trust: 0.1

sources: VULMON: CVE-2021-1572 // JVNDB: JVNDB-2021-009748 // CNNVD: CNNVD-202108-419

EXTERNAL IDS

db:NVDid:CVE-2021-1572

Trust: 3.4

db:JVNDBid:JVNDB-2021-009748

Trust: 0.8

db:CNNVDid:CNNVD-202108-419

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.2631

Trust: 0.6

db:CS-HELPid:SB2021080516

Trust: 0.6

db:VULHUBid:VHN-374626

Trust: 0.1

db:VULMONid:CVE-2021-1572

Trust: 0.1

sources: VULHUB: VHN-374626 // VULMON: CVE-2021-1572 // JVNDB: JVNDB-2021-009748 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-419 // NVD: CVE-2021-1572

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-confd-priv-esc-lsgtcrx4

Trust: 2.4

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-nso-priv-esc-xxqrttft

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1572

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021080516

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2631

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/critical-cisco-bug-vpn-routers/168449/

Trust: 0.1

sources: VULHUB: VHN-374626 // VULMON: CVE-2021-1572 // JVNDB: JVNDB-2021-009748 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-419 // NVD: CVE-2021-1572

SOURCES

db:VULHUBid:VHN-374626
db:VULMONid:CVE-2021-1572
db:JVNDBid:JVNDB-2021-009748
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202108-419
db:NVDid:CVE-2021-1572

LAST UPDATE DATE

2024-08-14T13:01:24.193000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374626date:2022-07-15T00:00:00
db:VULMONid:CVE-2021-1572date:2022-07-15T00:00:00
db:JVNDBid:JVNDB-2021-009748date:2022-05-18T06:21:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202108-419date:2022-07-18T00:00:00
db:NVDid:CVE-2021-1572date:2023-11-07T03:28:39.940

SOURCES RELEASE DATE

db:VULHUBid:VHN-374626date:2021-08-04T00:00:00
db:VULMONid:CVE-2021-1572date:2021-08-04T00:00:00
db:JVNDBid:JVNDB-2021-009748date:2022-05-18T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202108-419date:2021-08-04T00:00:00
db:NVDid:CVE-2021-1572date:2021-08-04T18:15:08.470