ID

VAR-202109-0618


CVE

CVE-2021-34786


TITLE

Authentication vulnerability in Cisco BroadWorks CommPilot Application Software

Trust: 0.8

sources: JVNDB: JVNDB-2021-011548

DESCRIPTION

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system. There is an authentication vulnerability in Cisco BroadWorks CommPilot Application Software. Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Cisco BroadWorks CommPilot is a carrier-grade unified communications software platform from Cisco, optimized for performance and scale. BroadWorks is hosted by a service provider to deploy cloud calling from common network platforms on any type of wired or wireless network architecture.

Trust: 2.34

sources: NVD: CVE-2021-34786 // JVNDB: JVNDB-2021-011548 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-395028 // VULMON: CVE-2021-34786

AFFECTED PRODUCTS

vendor: cisco, model: broadworks commpilot application software, scope: gte, version: 22.0

Trust: 1.0

vendor: cisco, model: broadworks commpilot application software, scope: lt, version: 23.0.2021.09

Trust: 1.0

vendor: cisco, model: broadworks commpilot application software, scope: gte, version: 24.0

Trust: 1.0

vendor: cisco, model: broadworks commpilot application software, scope: lt, version: 24.0.2021.09

Trust: 1.0

vendor: cisco, model: broadworks commpilot application software, scope: lt, version: 22.0.2021.09

Trust: 1.0

vendor: cisco, model: broadworks commpilot application software, scope: gte, version: 23.0

Trust: 1.0

vendor: Cisco Systems, model: cisco broadworks commpilot application software, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco broadworks commpilot application software, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-011548 // NVD: CVE-2021-34786

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34786
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34786
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34786
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-409
value: MEDIUM

Trust: 0.6

VULHUB: VHN-395028
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-34786
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34786
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-395028
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34786
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34786
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-34786
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-395028 // VULMON: CVE-2021-34786 // JVNDB: JVNDB-2021-011548 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-409 // NVD: CVE-2021-34786 // NVD: CVE-2021-34786

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-620

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-395028 // JVNDB: JVNDB-2021-011548 // NVD: CVE-2021-34786

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-409

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: cisco-sa-broadworks-dJ9JT67N, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-dJ9JT67N

Trust: 0.8

title: Cisco BroadWorks CommPilot Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=162979

Trust: 0.6

title: Cisco: Cisco BroadWorks CommPilot Application Software Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-broadworks-dJ9JT67N

Trust: 0.1

sources: VULMON: CVE-2021-34786 // JVNDB: JVNDB-2021-011548 // CNNVD: CNNVD-202109-409

EXTERNAL IDS

db: NVD, id: CVE-2021-34786

Trust: 3.4

db: JVNDB, id: JVNDB-2021-011548

Trust: 0.8

db: CNNVD, id: CNNVD-202109-409

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.3027

Trust: 0.6

db: CS-HELP, id: SB2021090907

Trust: 0.6

db: VULHUB, id: VHN-395028

Trust: 0.1

db: VULMON, id: CVE-2021-34786

Trust: 0.1

Trust: 0.1

sources: VULHUB: VHN-395028 // VULMON: CVE-2021-34786 // JVNDB: JVNDB-2021-011548 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-409 // NVD: CVE-2021-34786

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-broadworks-dj9jt67n

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-34786

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3027

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021090907

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-395028 // VULMON: CVE-2021-34786 // JVNDB: JVNDB-2021-011548 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-409 // NVD: CVE-2021-34786

SOURCES

db: VULHUB, id: VHN-395028
db: VULMON, id: CVE-2021-34786
db: JVNDB, id: JVNDB-2021-011548
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202109-409
db: NVD, id: CVE-2021-34786

LAST UPDATE DATE

2024-08-14T12:04:37.604000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-395028, date: 2021-09-17T00:00:00
db: VULMON, id: CVE-2021-34786, date: 2021-09-17T00:00:00
db: JVNDB, id: JVNDB-2021-011548, date: 2022-08-04T05:30:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202109-409, date: 2021-09-18T00:00:00
db: NVD, id: CVE-2021-34786, date: 2023-11-07T03:36:24.870

SOURCES RELEASE DATE

db: VULHUB, id: VHN-395028, date: 2021-09-09T00:00:00
db: VULMON, id: CVE-2021-34786, date: 2021-09-09T00:00:00
db: JVNDB, id: JVNDB-2021-011548, date: 2022-08-04T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202109-409, date: 2021-09-08T00:00:00
db: NVD, id: CVE-2021-34786, date: 2021-09-09T05:15:12.477