Details of VAR-202109-0239

ID

VAR-202109-0239

CVE

CVE-2021-1589

TITLE

Cisco SD-WAN vManage Inadequate protection of credentials in software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-012517

DESCRIPTION

A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks. Cisco SD-WAN vManage The software contains vulnerabilities in inadequate protection of credentials.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-1589 // JVNDB: JVNDB-2021-012517 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374643 // VULMON: CVE-2021-1589

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.3.4	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.5.2	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	gte	version:	20.4	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-012517 // NVD: CVE-2021-1589

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1589
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1589
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1589
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202109-1575
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374643
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-1589
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1589
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374643
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1589
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1589
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374643 // VULMON: CVE-2021-1589 // JVNDB: JVNDB-2021-012517 // CNNVD: CNNVD-202109-1575 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1589 // NVD: CVE-2021-1589

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-256	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374643 // JVNDB: JVNDB-2021-012517 // NVD: CVE-2021-1589

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1575

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202109-1575

PATCH

title:	cisco-sa-sd-wan-credentials-ydYfskzZ	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-credentials-ydYfskzZ	Trust: 0.8
title:	Cisco SD-WAN vManage Software Remediation measures for authorization problem vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=163937	Trust: 0.6
title:	Cisco: Cisco SD-WAN vManage Software Disaster Recovery Feature Password Exposure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sd-wan-credentials-ydYfskzZ	Trust: 0.1

sources: VULMON: CVE-2021-1589 // JVNDB: JVNDB-2021-012517 // CNNVD: CNNVD-202109-1575

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1589	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-012517	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.3183	Trust: 0.6
db:	CS-HELP	id:	SB2021092421	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-1575	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-374643	Trust: 0.1
db:	VULMON	id:	CVE-2021-1589	Trust: 0.1

sources: VULHUB: VHN-374643 // VULMON: CVE-2021-1589 // JVNDB: JVNDB-2021-012517 // CNNVD: CNNVD-202109-1575 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1589

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-credentials-ydyfskzz	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1589	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.3183	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092421	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-software-file-reading-via-cli-36508	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/522.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374643 // VULMON: CVE-2021-1589 // JVNDB: JVNDB-2021-012517 // CNNVD: CNNVD-202109-1575 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1589

SOURCES

db:	VULHUB	id:	VHN-374643
db:	VULMON	id:	CVE-2021-1589
db:	JVNDB	id:	JVNDB-2021-012517
db:	CNNVD	id:	CNNVD-202109-1575
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-1589

LAST UPDATE DATE

2024-08-14T12:09:59.451000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374643	date:	2022-10-21T00:00:00
db:	VULMON	id:	CVE-2021-1589	date:	2021-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-012517	date:	2022-09-01T05:30:00
db:	CNNVD	id:	CNNVD-202109-1575	date:	2022-10-24T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-1589	date:	2023-11-07T03:28:43.190

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374643	date:	2021-09-23T00:00:00
db:	VULMON	id:	CVE-2021-1589	date:	2021-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-012517	date:	2022-09-01T00:00:00
db:	CNNVD	id:	CNNVD-202109-1575	date:	2021-09-22T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-1589	date:	2021-09-23T03:15:11.717