ID

VAR-202108-0820


CVE

CVE-2021-34716


TITLE

Vulnerability in handling exceptional conditions in Cisco Expressway Series and Cisco TelePresence Video Communication Server

Trust: 0.8

sources: JVNDB: JVNDB-2021-009269

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as the root user. This vulnerability is due to incorrect handling of certain crafted software images that are uploaded to the affected device. An attacker could exploit this vulnerability by authenticating to the system as an administrative user and then uploading specific crafted software images to the affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Cisco Expressway Series is software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping remote workers work more efficiently on the device of their choice. Cisco TelePresence Video Communication Server is a video communication server.

Trust: 2.34

sources: NVD: CVE-2021-34716 // JVNDB: JVNDB-2021-009269 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-394958 // VULMON: CVE-2021-34716

AFFECTED PRODUCTS

vendor: cisco, model: telepresence video communication server, scope: lte, version: x14.0.3

Trust: 1.0

vendor: cisco, model: telepresence video communication server, scope: gte, version: x8.6

Trust: 1.0

vendor: cisco, model: expressway, scope: gte, version: x8.6.0

Trust: 1.0

vendor: cisco, model: expressway, scope: lt, version: x14.1

Trust: 1.0

vendor: シスコシステムズ, model: cisco telepresence video communication server, scope: -, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco expressway, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-009269 // NVD: CVE-2021-34716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34716
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34716
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34716
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-1638
value: HIGH

Trust: 0.6

VULHUB: VHN-394958
value: HIGH

Trust: 0.1

VULMON: CVE-2021-34716
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-34716
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-394958
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34716
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34716
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-34716
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-394958 // VULMON: CVE-2021-34716 // JVNDB: JVNDB-2021-009269 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-1638 // NVD: CVE-2021-34716 // NVD: CVE-2021-34716

PROBLEMTYPE DATA

problemtype: CWE-755

Trust: 1.1

problemtype: CWE-460

Trust: 1.0

problemtype: Improper handling in exceptional conditions (CWE-755) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-394958 // JVNDB: JVNDB-2021-009269 // NVD: CVE-2021-34716

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1638

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-1638

PATCH

title: cisco-sa-ewrce-QPynNCjh, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewrce-QPynNCjh

Trust: 0.8

title: Cisco Expressway Series and Cisco TelePresence Video Communication Server Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160753

Trust: 0.6

sources: JVNDB: JVNDB-2021-009269 // CNNVD: CNNVD-202108-1638

EXTERNAL IDS

db: NVD, id: CVE-2021-34716

Trust: 3.4

db: JVNDB, id: JVNDB-2021-009269

Trust: 0.8

db: CNNVD, id: CNNVD-202108-1638

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021082303

Trust: 0.6

db: AUSCERT, id: ESB-2021.2806

Trust: 0.6

db: VULHUB, id: VHN-394958

Trust: 0.1

db: VULMON, id: CVE-2021-34716

Trust: 0.1

sources: VULHUB: VHN-394958 // VULMON: CVE-2021-34716 // JVNDB: JVNDB-2021-009269 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-1638 // NVD: CVE-2021-34716

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ewrce-qpynncjh

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-34716

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2806

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021082303

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/755.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-394958 // VULMON: CVE-2021-34716 // JVNDB: JVNDB-2021-009269 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-1638 // NVD: CVE-2021-34716

SOURCES

db: VULHUB, id: VHN-394958
db: VULMON, id: CVE-2021-34716
db: JVNDB, id: JVNDB-2021-009269
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202108-1638
db: NVD, id: CVE-2021-34716

LAST UPDATE DATE

2024-08-14T12:24:25.959000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-394958, date: 2021-08-25T00:00:00
db: VULMON, id: CVE-2021-34716, date: 2021-08-25T00:00:00
db: JVNDB, id: JVNDB-2021-009269, date: 2022-04-19T08:41:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202108-1638, date: 2021-08-26T00:00:00
db: NVD, id: CVE-2021-34716, date: 2023-11-07T03:36:11.123

SOURCES RELEASE DATE

db: VULHUB, id: VHN-394958, date: 2021-08-18T00:00:00
db: VULMON, id: CVE-2021-34716, date: 2021-08-18T00:00:00
db: JVNDB, id: JVNDB-2021-009269, date: 2022-04-19T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202108-1638, date: 2021-08-18T00:00:00
db: NVD, id: CVE-2021-34716, date: 2021-08-18T20:15:07.300