ID

VAR-202109-0604


CVE

CVE-2021-34712


TITLE

Cisco SD-WAN vManage Software Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202109-1577

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.

Trust: 1.62

sources: NVD: CVE-2021-34712 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-394954 // VULMON: CVE-2021-34712

AFFECTED PRODUCTS

vendor: cisco, model: catalyst sd-wan manager, scope: eq, version: 20.6

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: gte, version: 20.4

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: eq, version: 20.5

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: lte, version: 20.4.2

Trust: 1.0

vendor: cisco, model: sd-wan vmanage, scope: lt, version: 20.3.4

Trust: 1.0

vendor: cisco, model: sd-wan vmanage, scope: gte, version: 20.3

Trust: 1.0

sources: NVD: CVE-2021-34712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34712
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34712
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202109-1577
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-394954
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34712
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-394954
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34712
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34712
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-394954 // CNNVD: CNNVD-202109-1577 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34712 // NVD: CVE-2021-34712

PROBLEMTYPE DATA

problemtype: CWE-943

Trust: 1.0

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2021-34712

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1577

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202109-1577 // CNNVD: CNNVD-202104-975

PATCH

title: Cisco SD-WAN vManage Software Enter the fix for the verification error vulnerability
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=165200

Trust: 0.6

sources: CNNVD: CNNVD-202109-1577

EXTERNAL IDS

db: NVD, id: CVE-2021-34712

Trust: 1.8

db: CS-HELP, id: SB2021092422

Trust: 0.6

db: AUSCERT, id: ESB-2021.3183

Trust: 0.6

db: CNNVD, id: CNNVD-202109-1577

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-394954

Trust: 0.1

db: VULMON, id: CVE-2021-34712

Trust: 0.1

sources: VULHUB: VHN-394954 // VULMON: CVE-2021-34712 // CNNVD: CNNVD-202109-1577 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34712

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-josurjcc

Trust: 2.4

url: https://www.cybersecurity-help.cz/vdb/sb2021092422

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.3183

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-394954 // VULMON: CVE-2021-34712 // CNNVD: CNNVD-202109-1577 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34712

SOURCES

db: VULHUB, id: VHN-394954
db: VULMON, id: CVE-2021-34712
db: CNNVD, id: CNNVD-202109-1577
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-34712

LAST UPDATE DATE

2024-08-14T12:29:44.568000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-394954, date: 2022-10-27T00:00:00
db: VULMON, id: CVE-2021-34712, date: 2021-09-23T00:00:00
db: CNNVD, id: CNNVD-202109-1577, date: 2022-10-31T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-34712, date: 2023-11-07T03:36:10.040

SOURCES RELEASE DATE

db: VULHUB, id: VHN-394954, date: 2021-09-23T00:00:00
db: VULMON, id: CVE-2021-34712, date: 2021-09-23T00:00:00
db: CNNVD, id: CNNVD-202109-1577, date: 2021-09-22T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-34712, date: 2021-09-23T03:15:17.687