ID

VAR-202109-0624


CVE

CVE-2021-34765


TITLE

Externally accessible files or directories vulnerability in Cisco Nexus Insights

Trust: 0.8

sources: JVNDB: JVNDB-2021-011526

DESCRIPTION

A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in disclosure of sensitive information. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. Cisco Nexus Insights is a Cisco product that automates, monitors and analyzes your data center structure in real time.

Trust: 2.34

sources: NVD: CVE-2021-34765 // JVNDB: JVNDB-2021-011526 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-395007 // VULMON: CVE-2021-34765

AFFECTED PRODUCTS

vendor: cisco, model: nexus insights, scope: lt, version: 6.0.1

Trust: 1.0

vendor: シスコシステムズ, model: cisco nexus insights, scope: -, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco nexus insights, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-011526 // NVD: CVE-2021-34765

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34765
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34765
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34765
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-066
value: MEDIUM

Trust: 0.6

VULHUB: VHN-395007
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-34765
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34765
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-395007
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34765
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2021-34765
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-395007 // VULMON: CVE-2021-34765 // JVNDB: JVNDB-2021-011526 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-066 // NVD: CVE-2021-34765 // NVD: CVE-2021-34765

PROBLEMTYPE DATA

problemtype: CWE-552

Trust: 1.1

problemtype: Externally accessible file or directory (CWE-552) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-395007 // JVNDB: JVNDB-2021-011526 // NVD: CVE-2021-34765

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-066

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-066

PATCH

title: cisco-sa-insight-infodis-2By2ZpBB
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-insight-infodis-2By2ZpBB

Trust: 0.8

title: Cisco: Cisco Nexus Insights Authenticated Information Disclosure Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-insight-infodis-2By2ZpBB

Trust: 0.1

sources: VULMON: CVE-2021-34765 // JVNDB: JVNDB-2021-011526

EXTERNAL IDS

db: NVD, id: CVE-2021-34765

Trust: 3.4

db: JVNDB, id: JVNDB-2021-011526

Trust: 0.8

db: CNNVD, id: CNNVD-202109-066

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021090202

Trust: 0.6

db: AUSCERT, id: ESB-2021.2963

Trust: 0.6

db: VULHUB, id: VHN-395007

Trust: 0.1

db: VULMON, id: CVE-2021-34765

Trust: 0.1

sources: VULHUB: VHN-395007 // VULMON: CVE-2021-34765 // JVNDB: JVNDB-2021-011526 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-066 // NVD: CVE-2021-34765

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-insight-infodis-2by2zpbb

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2021-34765

Trust: 1.4

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021090202

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.2963

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/552.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-395007 // VULMON: CVE-2021-34765 // JVNDB: JVNDB-2021-011526 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-066 // NVD: CVE-2021-34765

SOURCES

db: VULHUB, id: VHN-395007
db: VULMON, id: CVE-2021-34765
db: JVNDB, id: JVNDB-2021-011526
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202109-066
db: NVD, id: CVE-2021-34765

LAST UPDATE DATE

2024-08-14T12:45:50.403000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-395007, date: 2021-09-15T00:00:00
db: VULMON, id: CVE-2021-34765, date: 2021-09-15T00:00:00
db: JVNDB, id: JVNDB-2021-011526, date: 2022-08-03T08:20:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202109-066, date: 2021-09-16T00:00:00
db: NVD, id: CVE-2021-34765, date: 2023-11-07T03:36:20.617

SOURCES RELEASE DATE

db: VULHUB, id: VHN-395007, date: 2021-09-02T00:00:00
db: VULMON, id: CVE-2021-34765, date: 2021-09-02T00:00:00
db: JVNDB, id: JVNDB-2021-011526, date: 2022-08-03T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202109-066, date: 2021-09-01T00:00:00
db: NVD, id: CVE-2021-34765, date: 2021-09-02T03:15:06.793