Details of VAR-202108-0820

ID

VAR-202108-0820

CVE

CVE-2021-34716

TITLE

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2021-009269

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrect handling of certain crafted software images that are uploaded to the affected device. An attacker could exploit this vulnerability by authenticating to the system as an administrative user and then uploading specific crafted software images to the affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco Expressway Series is a software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping remote workers work more efficiently on the device of their choice. Cisco TelePresence Video Communication Server is a video communication server

Trust: 2.34

sources: NVD: CVE-2021-34716 // JVNDB: JVNDB-2021-009269 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-394958 // VULMON: CVE-2021-34716

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence video communication server	scope:	lte	version:	x14.0.3	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server	scope:	gte	version:	x8.6	Trust: 1.0
vendor:	cisco	model:	expressway	scope:	gte	version:	x8.6.0	Trust: 1.0
vendor:	cisco	model:	expressway	scope:	lt	version:	x14.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco telepresence video communication server	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco expressway	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-009269 // NVD: CVE-2021-34716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34716
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34716
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-34716
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202108-1638
value:	HIGH
Trust: 0.6
VULHUB:	VHN-394958
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-34716
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-34716
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-394958
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-34716
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34716
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	1.2
impactScore:	5.5
version:	3.1
Trust: 1.0
NVD:	CVE-2021-34716
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-394958 // VULMON: CVE-2021-34716 // JVNDB: JVNDB-2021-009269 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-1638 // NVD: CVE-2021-34716 // NVD: CVE-2021-34716

PROBLEMTYPE DATA

problemtype:	CWE-755	Trust: 1.1
problemtype:	CWE-460	Trust: 1.0
problemtype:	Improper handling in exceptional conditions (CWE-755) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-394958 // JVNDB: JVNDB-2021-009269 // NVD: CVE-2021-34716

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1638

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-1638

PATCH

title:	cisco-sa-ewrce-QPynNCjh	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewrce-QPynNCjh	Trust: 0.8
title:	Cisco Expressway Series and Cisco TelePresence Video Communication Server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160753	Trust: 0.6

sources: JVNDB: JVNDB-2021-009269 // CNNVD: CNNVD-202108-1638

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34716	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-009269	Trust: 0.8
db:	CNNVD	id:	CNNVD-202108-1638	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021082303	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2806	Trust: 0.6
db:	VULHUB	id:	VHN-394958	Trust: 0.1
db:	VULMON	id:	CVE-2021-34716	Trust: 0.1

sources: VULHUB: VHN-394958 // VULMON: CVE-2021-34716 // JVNDB: JVNDB-2021-009269 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-1638 // NVD: CVE-2021-34716

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ewrce-qpynncjh	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34716	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2806	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021082303	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/755.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-394958 // VULMON: CVE-2021-34716 // JVNDB: JVNDB-2021-009269 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-1638 // NVD: CVE-2021-34716

SOURCES

db:	VULHUB	id:	VHN-394958
db:	VULMON	id:	CVE-2021-34716
db:	JVNDB	id:	JVNDB-2021-009269
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202108-1638
db:	NVD	id:	CVE-2021-34716

LAST UPDATE DATE

2024-08-14T12:24:25.959000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-394958	date:	2021-08-25T00:00:00
db:	VULMON	id:	CVE-2021-34716	date:	2021-08-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-009269	date:	2022-04-19T08:41:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202108-1638	date:	2021-08-26T00:00:00
db:	NVD	id:	CVE-2021-34716	date:	2023-11-07T03:36:11.123

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-394958	date:	2021-08-18T00:00:00
db:	VULMON	id:	CVE-2021-34716	date:	2021-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2021-009269	date:	2022-04-19T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202108-1638	date:	2021-08-18T00:00:00
db:	NVD	id:	CVE-2021-34716	date:	2021-08-18T20:15:07.300