ID

VAR-202109-0617


CVE

CVE-2021-34785


TITLE

Authentication vulnerability in Cisco BroadWorks CommPilot Application Software

Trust: 0.8

sources: JVNDB: JVNDB-2021-011557

DESCRIPTION

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. There is an authentication vulnerability in Cisco BroadWorks CommPilot Application Software. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Cisco BroadWorks CommPilot is a carrier-grade unified communications software platform from Cisco, optimized for performance and scale. BroadWorks is hosted by a service provider to deploy cloud calling from common network platforms on any type of wired or wireless network architecture.

Trust: 2.34

sources: NVD: CVE-2021-34785 // JVNDB: JVNDB-2021-011557 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-395027 // VULMON: CVE-2021-34785

AFFECTED PRODUCTS

vendor: cisco // model: broadworks commpilot application software // scope: gte // version: 22.0

Trust: 1.0

vendor: cisco // model: broadworks commpilot application software // scope: lt // version: 23.0.2021.09

Trust: 1.0

vendor: cisco // model: broadworks commpilot application software // scope: gte // version: 24.0

Trust: 1.0

vendor: cisco // model: broadworks commpilot application software // scope: lt // version: 24.0.2021.09

Trust: 1.0

vendor: cisco // model: broadworks commpilot application software // scope: lt // version: 22.0.2021.09

Trust: 1.0

vendor: cisco // model: broadworks commpilot application software // scope: gte // version: 23.0

Trust: 1.0

vendor: シスコシステムズ // model: cisco broadworks commpilot application software // scope: - // version: -

Trust: 0.8

vendor: シスコシステムズ // model: cisco broadworks commpilot application software // scope: eq // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-011557 // NVD: CVE-2021-34785

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34785
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34785
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34785
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202109-410
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-395027
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-34785
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34785
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-395027
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34785
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34785
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-34785
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-395027 // VULMON: CVE-2021-34785 // JVNDB: JVNDB-2021-011557 // CNNVD: CNNVD-202109-410 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34785 // NVD: CVE-2021-34785

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-620

Trust: 1.0

problemtype: Inappropriate authentication (CWE-287) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-395027 // JVNDB: JVNDB-2021-011557 // NVD: CVE-2021-34785

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-410

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202109-410

PATCH

title: cisco-sa-broadworks-dJ9JT67N // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-dJ9JT67N

Trust: 0.8

title: Cisco BroadWorks CommPilot Remediation measures for authorization problem vulnerabilities // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=162980

Trust: 0.6

title: Cisco: Cisco BroadWorks CommPilot Application Software Vulnerabilities // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-broadworks-dJ9JT67N

Trust: 0.1

sources: VULMON: CVE-2021-34785 // JVNDB: JVNDB-2021-011557 // CNNVD: CNNVD-202109-410

EXTERNAL IDS

db: NVD // id: CVE-2021-34785

Trust: 3.4

db: JVNDB // id: JVNDB-2021-011557

Trust: 0.8

db: CNNVD // id: CNNVD-202109-410

Trust: 0.7

db: CS-HELP // id: SB2021090907

Trust: 0.6

db: AUSCERT // id: ESB-2021.3027

Trust: 0.6

db: CS-HELP // id: SB2021041363

Trust: 0.6

db: CNNVD // id: CNNVD-202104-975

Trust: 0.6

db: VULHUB // id: VHN-395027

Trust: 0.1

db: VULMON // id: CVE-2021-34785

Trust: 0.1

sources: VULHUB: VHN-395027 // VULMON: CVE-2021-34785 // JVNDB: JVNDB-2021-011557 // CNNVD: CNNVD-202109-410 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34785

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-broadworks-dj9jt67n

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-34785

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.3027

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021090907

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-395027 // VULMON: CVE-2021-34785 // JVNDB: JVNDB-2021-011557 // CNNVD: CNNVD-202109-410 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34785

SOURCES

db: VULHUB // id: VHN-395027
db: VULMON // id: CVE-2021-34785
db: JVNDB // id: JVNDB-2021-011557
db: CNNVD // id: CNNVD-202109-410
db: CNNVD // id: CNNVD-202104-975
db: NVD // id: CVE-2021-34785

LAST UPDATE DATE

2024-08-14T12:39:54.964000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-395027 // date: 2022-10-27T00:00:00
db: VULMON // id: CVE-2021-34785 // date: 2021-09-17T00:00:00
db: JVNDB // id: JVNDB-2021-011557 // date: 2022-08-04T06:45:00
db: CNNVD // id: CNNVD-202109-410 // date: 2022-10-28T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-14T00:00:00
db: NVD // id: CVE-2021-34785 // date: 2023-11-07T03:36:24.693

SOURCES RELEASE DATE

db: VULHUB // id: VHN-395027 // date: 2021-09-09T00:00:00
db: VULMON // id: CVE-2021-34785 // date: 2021-09-09T00:00:00
db: JVNDB // id: JVNDB-2021-011557 // date: 2022-08-04T00:00:00
db: CNNVD // id: CNNVD-202109-410 // date: 2021-09-08T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-13T00:00:00
db: NVD // id: CVE-2021-34785 // date: 2021-09-09T05:15:12.277