Details of VAR-202108-0316

ID

VAR-202108-0316

CVE

CVE-2021-1582

TITLE

Cisco Application Policy Infrastructure Controller and Cisco Cloud APIC Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-011084

DESCRIPTION

A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by sending malicious input to the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-1582 // JVNDB: JVNDB-2021-011084 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374636 // VULMON: CVE-2021-1582

AFFECTED PRODUCTS

vendor:	cisco	model:	application policy infrastructure controller	scope:	gte	version:	5.0	Trust: 1.0
vendor:	cisco	model:	cloud application policy infrastructure controller	scope:	gte	version:	5.0	Trust: 1.0
vendor:	cisco	model:	application policy infrastructure controller	scope:	lt	version:	5.2\(2f\)	Trust: 1.0
vendor:	cisco	model:	application policy infrastructure controller	scope:	lt	version:	3.2\(10f\)	Trust: 1.0
vendor:	cisco	model:	cloud application policy infrastructure controller	scope:	lt	version:	3.2\(10f\)	Trust: 1.0
vendor:	cisco	model:	cloud application policy infrastructure controller	scope:	lt	version:	5.2\(1h\)	Trust: 1.0
vendor:	cisco	model:	application policy infrastructure controller	scope:	gte	version:	4.0	Trust: 1.0
vendor:	cisco	model:	cloud application policy infrastructure controller	scope:	gte	version:	4.0	Trust: 1.0
vendor:	cisco	model:	application policy infrastructure controller	scope:	lt	version:	4.2\(7i\)	Trust: 1.0
vendor:	cisco	model:	cloud application policy infrastructure controller	scope:	lt	version:	4.2\(7i\)	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco cloud application policy infrastructure controller	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco application policy infrastructure controller	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-011084 // NVD: CVE-2021-1582

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1582
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1582
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1582
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202108-2310
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374636
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-1582
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1582
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374636
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1582
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1582
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374636 // VULMON: CVE-2021-1582 // JVNDB: JVNDB-2021-011084 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-2310 // NVD: CVE-2021-1582 // NVD: CVE-2021-1582

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374636 // JVNDB: JVNDB-2021-011084 // NVD: CVE-2021-1582

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-2310

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-capic-scss-bFT75YrM	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-scss-bFT75YrM	Trust: 0.8
title:	Cisco Application Policy Infrastructure Controller Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160853	Trust: 0.6
title:	Cisco: Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-capic-scss-bFT75YrM	Trust: 0.1

sources: VULMON: CVE-2021-1582 // JVNDB: JVNDB-2021-011084 // CNNVD: CNNVD-202108-2310

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1582	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-011084	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021082608	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2871	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-2310	Trust: 0.6
db:	VULHUB	id:	VHN-374636	Trust: 0.1
db:	VULMON	id:	CVE-2021-1582	Trust: 0.1

sources: VULHUB: VHN-374636 // VULMON: CVE-2021-1582 // JVNDB: JVNDB-2021-011084 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-2310 // NVD: CVE-2021-1582

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-capic-scss-bft75yrm	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1582	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021082608	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2871	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374636 // VULMON: CVE-2021-1582 // JVNDB: JVNDB-2021-011084 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-2310 // NVD: CVE-2021-1582

SOURCES

db:	VULHUB	id:	VHN-374636
db:	VULMON	id:	CVE-2021-1582
db:	JVNDB	id:	JVNDB-2021-011084
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202108-2310
db:	NVD	id:	CVE-2021-1582

LAST UPDATE DATE

2024-08-14T12:34:17.699000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374636	date:	2021-09-01T00:00:00
db:	VULMON	id:	CVE-2021-1582	date:	2021-09-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-011084	date:	2022-07-19T02:06:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202108-2310	date:	2021-09-02T00:00:00
db:	NVD	id:	CVE-2021-1582	date:	2023-11-07T03:28:41.790

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374636	date:	2021-08-25T00:00:00
db:	VULMON	id:	CVE-2021-1582	date:	2021-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-011084	date:	2022-07-19T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202108-2310	date:	2021-08-25T00:00:00
db:	NVD	id:	CVE-2021-1582	date:	2021-08-25T20:15:10.697