ID

VAR-202108-0823


CVE

CVE-2021-34745


TITLE

Windows  for  AppDynamics .NET Agent  Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2021-010917

DESCRIPTION

A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7. (DoS) It may be put into a state. AppDynamics.NET Agent for Windows is used to monitor IIS applications, Windows services or stand-alone applications

Trust: 1.8

sources: NVD: CVE-2021-34745 // JVNDB: JVNDB-2021-010917 // VULHUB: VHN-394987 // VULMON: CVE-2021-34745

AFFECTED PRODUCTS

vendor:ciscomodel:appdynamics .net agentscope:ltversion:21.7

Trust: 1.0

vendor:シスコシステムズmodel:cisco appdynamics .net agentscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco appdynamics .net agentscope:eqversion:21.7

Trust: 0.8

sources: JVNDB: JVNDB-2021-010917 // NVD: CVE-2021-34745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34745
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34745
value: HIGH

Trust: 1.0

NVD: CVE-2021-34745
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202108-1661
value: HIGH

Trust: 0.6

VULHUB: VHN-394987
value: HIGH

Trust: 0.1

VULMON: CVE-2021-34745
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-34745
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-394987
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34745
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-010917
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-394987 // VULMON: CVE-2021-34745 // JVNDB: JVNDB-2021-010917 // CNNVD: CNNVD-202108-1661 // NVD: CVE-2021-34745 // NVD: CVE-2021-34745

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:Inappropriate authority management (CWE-269) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-394987 // JVNDB: JVNDB-2021-010917 // NVD: CVE-2021-34745

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-1661

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-1661

PATCH

title:appd-sa-dotnet-privescurl:https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+AppDynamics+.NET+Agent+Privilege+Escalation+Vulnerability

Trust: 0.8

title:AppDynamics.NET Agent for Windows Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160811

Trust: 0.6

sources: JVNDB: JVNDB-2021-010917 // CNNVD: CNNVD-202108-1661

EXTERNAL IDS

db:NVDid:CVE-2021-34745

Trust: 3.4

db:JVNDBid:JVNDB-2021-010917

Trust: 0.8

db:CNNVDid:CNNVD-202108-1661

Trust: 0.7

db:VULHUBid:VHN-394987

Trust: 0.1

db:VULMONid:CVE-2021-34745

Trust: 0.1

sources: VULHUB: VHN-394987 // VULMON: CVE-2021-34745 // JVNDB: JVNDB-2021-010917 // CNNVD: CNNVD-202108-1661 // NVD: CVE-2021-34745

REFERENCES

url:https://docs.appdynamics.com/display/paa/security+advisory%3a+appdynamics+.net+agent+privilege+escalation+vulnerability

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-34745

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-394987 // VULMON: CVE-2021-34745 // JVNDB: JVNDB-2021-010917 // CNNVD: CNNVD-202108-1661 // NVD: CVE-2021-34745

SOURCES

db:VULHUBid:VHN-394987
db:VULMONid:CVE-2021-34745
db:JVNDBid:JVNDB-2021-010917
db:CNNVDid:CNNVD-202108-1661
db:NVDid:CVE-2021-34745

LAST UPDATE DATE

2024-08-14T14:44:22.132000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-394987date:2021-08-26T00:00:00
db:VULMONid:CVE-2021-34745date:2021-08-26T00:00:00
db:JVNDBid:JVNDB-2021-010917date:2022-07-12T02:59:00
db:CNNVDid:CNNVD-202108-1661date:2021-08-27T00:00:00
db:NVDid:CVE-2021-34745date:2021-08-26T01:53:12.220

SOURCES RELEASE DATE

db:VULHUBid:VHN-394987date:2021-08-18T00:00:00
db:VULMONid:CVE-2021-34745date:2021-08-18T00:00:00
db:JVNDBid:JVNDB-2021-010917date:2022-07-12T00:00:00
db:CNNVDid:CNNVD-202108-1661date:2021-08-18T00:00:00
db:NVDid:CVE-2021-34745date:2021-08-18T20:15:07.747