Details of VAR-202108-0823

ID

VAR-202108-0823

CVE

CVE-2021-34745

TITLE

Windows for AppDynamics .NET Agent Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2021-010917

DESCRIPTION

A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7. (DoS) It may be put into a state. AppDynamics.NET Agent for Windows is used to monitor IIS applications, Windows services or stand-alone applications

Trust: 1.8

sources: NVD: CVE-2021-34745 // JVNDB: JVNDB-2021-010917 // VULHUB: VHN-394987 // VULMON: CVE-2021-34745

AFFECTED PRODUCTS

vendor:	cisco	model:	appdynamics .net agent	scope:	lt	version:	21.7	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco appdynamics .net agent	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco appdynamics .net agent	scope:	eq	version:	21.7	Trust: 0.8

sources: JVNDB: JVNDB-2021-010917 // NVD: CVE-2021-34745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34745
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34745
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-34745
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202108-1661
value:	HIGH
Trust: 0.6
VULHUB:	VHN-394987
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-34745
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-34745
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-394987
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-34745
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-010917
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-394987 // VULMON: CVE-2021-34745 // JVNDB: JVNDB-2021-010917 // CNNVD: CNNVD-202108-1661 // NVD: CVE-2021-34745 // NVD: CVE-2021-34745

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.1
problemtype:	Inappropriate authority management (CWE-269) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-394987 // JVNDB: JVNDB-2021-010917 // NVD: CVE-2021-34745

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-1661

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-1661

PATCH

title:	appd-sa-dotnet-privesc	url:	https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+AppDynamics+.NET+Agent+Privilege+Escalation+Vulnerability	Trust: 0.8
title:	AppDynamics.NET Agent for Windows Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160811	Trust: 0.6

sources: JVNDB: JVNDB-2021-010917 // CNNVD: CNNVD-202108-1661

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34745	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-010917	Trust: 0.8
db:	CNNVD	id:	CNNVD-202108-1661	Trust: 0.7
db:	VULHUB	id:	VHN-394987	Trust: 0.1
db:	VULMON	id:	CVE-2021-34745	Trust: 0.1

sources: VULHUB: VHN-394987 // VULMON: CVE-2021-34745 // JVNDB: JVNDB-2021-010917 // CNNVD: CNNVD-202108-1661 // NVD: CVE-2021-34745

REFERENCES

url:	https://docs.appdynamics.com/display/paa/security+advisory%3a+appdynamics+.net+agent+privilege+escalation+vulnerability	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34745	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/269.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-394987 // VULMON: CVE-2021-34745 // JVNDB: JVNDB-2021-010917 // CNNVD: CNNVD-202108-1661 // NVD: CVE-2021-34745

SOURCES

db:	VULHUB	id:	VHN-394987
db:	VULMON	id:	CVE-2021-34745
db:	JVNDB	id:	JVNDB-2021-010917
db:	CNNVD	id:	CNNVD-202108-1661
db:	NVD	id:	CVE-2021-34745

LAST UPDATE DATE

2024-08-14T14:44:22.132000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-394987	date:	2021-08-26T00:00:00
db:	VULMON	id:	CVE-2021-34745	date:	2021-08-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-010917	date:	2022-07-12T02:59:00
db:	CNNVD	id:	CNNVD-202108-1661	date:	2021-08-27T00:00:00
db:	NVD	id:	CVE-2021-34745	date:	2021-08-26T01:53:12.220

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-394987	date:	2021-08-18T00:00:00
db:	VULMON	id:	CVE-2021-34745	date:	2021-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2021-010917	date:	2022-07-12T00:00:00
db:	CNNVD	id:	CNNVD-202108-1661	date:	2021-08-18T00:00:00
db:	NVD	id:	CVE-2021-34745	date:	2021-08-18T20:15:07.747