Sign-up

ID

VAR-202109-0619


CVE

CVE-2021-34733


TITLE

Cisco Prime Infrastructure  and  Cisco Evolved Programmable Network Manager  Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-009988

DESCRIPTION

A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive information is not sufficiently secured when it is stored. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the affected system. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-34733 // JVNDB: JVNDB-2021-009988 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-394975 // VULMON: CVE-2021-34733

AFFECTED PRODUCTS

vendor:ciscomodel:prime infrastructurescope:ltversion:3.8

Trust: 1.0

vendor:ciscomodel:evolved programmable network managerscope:ltversion:5.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco prime infrastructurescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco evolved programmable network managerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-009988 // NVD: CVE-2021-34733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34733
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34733
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34733
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-032
value: MEDIUM

Trust: 0.6

VULHUB: VHN-394975
value: LOW

Trust: 0.1

VULMON: CVE-2021-34733
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-34733
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-394975
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34733
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-34733
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-394975 // VULMON: CVE-2021-34733 // JVNDB: JVNDB-2021-009988 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-032 // NVD: CVE-2021-34733 // NVD: CVE-2021-34733

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:Inadequate protection of credentials (CWE-522) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-394975 // JVNDB: JVNDB-2021-009988 // NVD: CVE-2021-34733

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202109-032

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:cisco-sa-prime-info-disc-nTU9FJ2url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-info-disc-nTU9FJ2

Trust: 0.8

title:Cisco Prime Infrastructure Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161210

Trust: 0.6

title:Cisco: Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-prime-info-disc-nTU9FJ2

Trust: 0.1

sources: VULMON: CVE-2021-34733 // JVNDB: JVNDB-2021-009988 // CNNVD: CNNVD-202109-032

EXTERNAL IDS

db:NVDid:CVE-2021-34733

Trust: 3.4

db:JVNDBid:JVNDB-2021-009988

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.2965

Trust: 0.6

db:CS-HELPid:SB2021090132

Trust: 0.6

db:CNNVDid:CNNVD-202109-032

Trust: 0.6

db:VULHUBid:VHN-394975

Trust: 0.1

db:VULMONid:CVE-2021-34733

Trust: 0.1

sources: VULHUB: VHN-394975 // VULMON: CVE-2021-34733 // JVNDB: JVNDB-2021-009988 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-032 // NVD: CVE-2021-34733

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-prime-info-disc-ntu9fj2

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-34733

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2965

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-prime-infrastructure-information-disclosure-36292

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021090132

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-394975 // VULMON: CVE-2021-34733 // JVNDB: JVNDB-2021-009988 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-032 // NVD: CVE-2021-34733

SOURCES

db:VULHUBid:VHN-394975
db:VULMONid:CVE-2021-34733
db:JVNDBid:JVNDB-2021-009988
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202109-032
db:NVDid:CVE-2021-34733

LAST UPDATE DATE

2024-08-14T12:32:15.170000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-394975date:2021-09-10T00:00:00
db:VULMONid:CVE-2021-34733date:2021-09-10T00:00:00
db:JVNDBid:JVNDB-2021-009988date:2022-06-09T08:54:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202109-032date:2021-09-13T00:00:00
db:NVDid:CVE-2021-34733date:2023-11-07T03:36:14.590

SOURCES RELEASE DATE

db:VULHUBid:VHN-394975date:2021-09-02T00:00:00
db:VULMONid:CVE-2021-34733date:2021-09-02T00:00:00
db:JVNDBid:JVNDB-2021-009988date:2022-06-09T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202109-032date:2021-09-01T00:00:00
db:NVDid:CVE-2021-34733date:2021-09-02T03:15:06.637