Details of VAR-202109-0624

ID

VAR-202109-0624

CVE

CVE-2021-34765

TITLE

Cisco Nexus Insights Vulnerability in externally accessible files or directories in

Trust: 0.8

sources: JVNDB: JVNDB-2021-011526

DESCRIPTION

A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit could allow the attacker to download sensitive files that should be restricted, which could result in disclosure of sensitive information. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco Nexus Insights is a Cisco product that automates, monitors and analyzes your data center structure in real time

Trust: 2.34

sources: NVD: CVE-2021-34765 // JVNDB: JVNDB-2021-011526 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-395007 // VULMON: CVE-2021-34765

AFFECTED PRODUCTS

vendor:	cisco	model:	nexus insights	scope:	lt	version:	6.0.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco nexus insights	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco nexus insights	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-011526 // NVD: CVE-2021-34765

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34765
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34765
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-34765
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-066
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-395007
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-34765
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-34765
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-395007
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-34765
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2021-34765
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-395007 // VULMON: CVE-2021-34765 // JVNDB: JVNDB-2021-011526 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-066 // NVD: CVE-2021-34765 // NVD: CVE-2021-34765

PROBLEMTYPE DATA

problemtype:	CWE-552	Trust: 1.1
problemtype:	Externally accessible file or directory (CWE-552) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-395007 // JVNDB: JVNDB-2021-011526 // NVD: CVE-2021-34765

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-066

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-066

PATCH

title:	cisco-sa-insight-infodis-2By2ZpBB	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-insight-infodis-2By2ZpBB	Trust: 0.8
title:	Cisco: Cisco Nexus Insights Authenticated Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-insight-infodis-2By2ZpBB	Trust: 0.1

sources: VULMON: CVE-2021-34765 // JVNDB: JVNDB-2021-011526

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34765	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-011526	Trust: 0.8
db:	CNNVD	id:	CNNVD-202109-066	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021090202	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2963	Trust: 0.6
db:	VULHUB	id:	VHN-395007	Trust: 0.1
db:	VULMON	id:	CVE-2021-34765	Trust: 0.1

sources: VULHUB: VHN-395007 // VULMON: CVE-2021-34765 // JVNDB: JVNDB-2021-011526 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-066 // NVD: CVE-2021-34765

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-insight-infodis-2by2zpbb	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34765	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021090202	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2963	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/552.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-395007 // VULMON: CVE-2021-34765 // JVNDB: JVNDB-2021-011526 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-066 // NVD: CVE-2021-34765

SOURCES

db:	VULHUB	id:	VHN-395007
db:	VULMON	id:	CVE-2021-34765
db:	JVNDB	id:	JVNDB-2021-011526
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202109-066
db:	NVD	id:	CVE-2021-34765

LAST UPDATE DATE

2024-08-14T12:45:50.403000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-395007	date:	2021-09-15T00:00:00
db:	VULMON	id:	CVE-2021-34765	date:	2021-09-15T00:00:00
db:	JVNDB	id:	JVNDB-2021-011526	date:	2022-08-03T08:20:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202109-066	date:	2021-09-16T00:00:00
db:	NVD	id:	CVE-2021-34765	date:	2023-11-07T03:36:20.617

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-395007	date:	2021-09-02T00:00:00
db:	VULMON	id:	CVE-2021-34765	date:	2021-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-011526	date:	2022-08-03T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202109-066	date:	2021-09-01T00:00:00
db:	NVD	id:	CVE-2021-34765	date:	2021-09-02T03:15:06.793