Details of VAR-202109-0604

ID

VAR-202109-0604

CVE

CVE-2021-34712

TITLE

Cisco SD-WAN vManage Software Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202109-1577

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.62

sources: NVD: CVE-2021-34712 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-394954 // VULMON: CVE-2021-34712

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.6	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lte	version:	20.4.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	lt	version:	20.3.4	Trust: 1.0
vendor:	cisco	model:	sd-wan vmanage	scope:	gte	version:	20.3	Trust: 1.0

sources: NVD: CVE-2021-34712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34712
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34712
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202109-1577
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-394954
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-34712
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-394954
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-34712
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34712
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-394954 // CNNVD: CNNVD-202109-1577 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34712 // NVD: CVE-2021-34712

PROBLEMTYPE DATA

problemtype:	CWE-943	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0

sources: NVD: CVE-2021-34712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1577

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202109-1577 // CNNVD: CNNVD-202104-975

PATCH

title:

Cisco SD-WAN vManage Software Enter the fix for the verification error vulnerability

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=165200

Trust: 0.6

sources: CNNVD: CNNVD-202109-1577

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34712	Trust: 1.8
db:	CS-HELP	id:	SB2021092422	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3183	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-1577	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-394954	Trust: 0.1
db:	VULMON	id:	CVE-2021-34712	Trust: 0.1

sources: VULHUB: VHN-394954 // VULMON: CVE-2021-34712 // CNNVD: CNNVD-202109-1577 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34712

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-josurjcc	Trust: 2.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021092422	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3183	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-394954 // VULMON: CVE-2021-34712 // CNNVD: CNNVD-202109-1577 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34712

SOURCES

db:	VULHUB	id:	VHN-394954
db:	VULMON	id:	CVE-2021-34712
db:	CNNVD	id:	CNNVD-202109-1577
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-34712

LAST UPDATE DATE

2024-08-14T12:29:44.568000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-394954	date:	2022-10-27T00:00:00
db:	VULMON	id:	CVE-2021-34712	date:	2021-09-23T00:00:00
db:	CNNVD	id:	CNNVD-202109-1577	date:	2022-10-31T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-34712	date:	2023-11-07T03:36:10.040

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-394954	date:	2021-09-23T00:00:00
db:	VULMON	id:	CVE-2021-34712	date:	2021-09-23T00:00:00
db:	CNNVD	id:	CNNVD-202109-1577	date:	2021-09-22T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-34712	date:	2021-09-23T03:15:17.687