ID

VAR-202109-0239


CVE

CVE-2021-1589


TITLE

Cisco SD-WAN vManage  Inadequate protection of credentials in software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-012517

DESCRIPTION

A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks. Cisco SD-WAN vManage The software contains vulnerabilities in inadequate protection of credentials.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-1589 // JVNDB: JVNDB-2021-012517 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374643 // VULMON: CVE-2021-1589

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wanscope:ltversion:20.3.4

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:20.5.2

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:20.3

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:20.6

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:20.5

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:20.4.2

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:20.6.1

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:20.4

Trust: 1.0

vendor:シスコシステムズmodel:cisco sd-wanscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wanscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-012517 // NVD: CVE-2021-1589

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1589
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1589
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1589
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202109-1575
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374643
value: LOW

Trust: 0.1

VULMON: CVE-2021-1589
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1589
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374643
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1589
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-1589
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374643 // VULMON: CVE-2021-1589 // JVNDB: JVNDB-2021-012517 // CNNVD: CNNVD-202109-1575 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1589 // NVD: CVE-2021-1589

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-256

Trust: 1.0

problemtype:Inadequate protection of credentials (CWE-522) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-374643 // JVNDB: JVNDB-2021-012517 // NVD: CVE-2021-1589

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1575

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202109-1575

PATCH

title:cisco-sa-sd-wan-credentials-ydYfskzZurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-credentials-ydYfskzZ

Trust: 0.8

title:Cisco SD-WAN vManage Software Remediation measures for authorization problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=163937

Trust: 0.6

title:Cisco: Cisco SD-WAN vManage Software Disaster Recovery Feature Password Exposure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sd-wan-credentials-ydYfskzZ

Trust: 0.1

sources: VULMON: CVE-2021-1589 // JVNDB: JVNDB-2021-012517 // CNNVD: CNNVD-202109-1575

EXTERNAL IDS

db:NVDid:CVE-2021-1589

Trust: 3.4

db:JVNDBid:JVNDB-2021-012517

Trust: 0.8

db:AUSCERTid:ESB-2021.3183

Trust: 0.6

db:CS-HELPid:SB2021092421

Trust: 0.6

db:CNNVDid:CNNVD-202109-1575

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:VULHUBid:VHN-374643

Trust: 0.1

db:VULMONid:CVE-2021-1589

Trust: 0.1

sources: VULHUB: VHN-374643 // VULMON: CVE-2021-1589 // JVNDB: JVNDB-2021-012517 // CNNVD: CNNVD-202109-1575 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1589

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-credentials-ydyfskzz

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1589

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.3183

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092421

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-sd-wan-software-file-reading-via-cli-36508

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374643 // VULMON: CVE-2021-1589 // JVNDB: JVNDB-2021-012517 // CNNVD: CNNVD-202109-1575 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1589

SOURCES

db:VULHUBid:VHN-374643
db:VULMONid:CVE-2021-1589
db:JVNDBid:JVNDB-2021-012517
db:CNNVDid:CNNVD-202109-1575
db:CNNVDid:CNNVD-202104-975
db:NVDid:CVE-2021-1589

LAST UPDATE DATE

2024-08-14T12:09:59.451000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374643date:2022-10-21T00:00:00
db:VULMONid:CVE-2021-1589date:2021-09-30T00:00:00
db:JVNDBid:JVNDB-2021-012517date:2022-09-01T05:30:00
db:CNNVDid:CNNVD-202109-1575date:2022-10-24T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:NVDid:CVE-2021-1589date:2023-11-07T03:28:43.190

SOURCES RELEASE DATE

db:VULHUBid:VHN-374643date:2021-09-23T00:00:00
db:VULMONid:CVE-2021-1589date:2021-09-23T00:00:00
db:JVNDBid:JVNDB-2021-012517date:2022-09-01T00:00:00
db:CNNVDid:CNNVD-202109-1575date:2021-09-22T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:NVDid:CVE-2021-1589date:2021-09-23T03:15:11.717