ID

VAR-202109-0631


CVE

CVE-2021-34771


TITLE

Cisco IOS XR Software CLI  Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2021-011556

DESCRIPTION

A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful exploit could allow the attacker to view sensitive configuration information that their privileges might not otherwise allow them to access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-34771 // JVNDB: JVNDB-2021-011556 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-395013 // VULMON: CVE-2021-34771

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:ltversion:7.3.2

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xrscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ios xrscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-011556 // NVD: CVE-2021-34771

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34771
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34771
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34771
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202109-400
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-395013
value: LOW

Trust: 0.1

VULMON: CVE-2021-34771
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-34771
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-395013
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34771
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-34771
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-395013 // VULMON: CVE-2021-34771 // JVNDB: JVNDB-2021-011556 // CNNVD: CNNVD-202109-400 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34771 // NVD: CVE-2021-34771

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-201

Trust: 1.0

problemtype:information leak (CWE-200) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-395013 // JVNDB: JVNDB-2021-011556 // NVD: CVE-2021-34771

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202109-400

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202109-400

PATCH

title:cisco-sa-iosxr-infodisc-CjLdGMc5url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-infodisc-CjLdGMc5

Trust: 0.8

title:Cisco IOS XR Repair measures for information disclosure vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=162976

Trust: 0.6

title:Cisco: Cisco IOS XR Software Unauthorized Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iosxr-infodisc-CjLdGMc5

Trust: 0.1

sources: VULMON: CVE-2021-34771 // JVNDB: JVNDB-2021-011556 // CNNVD: CNNVD-202109-400

EXTERNAL IDS

db:NVDid:CVE-2021-34771

Trust: 3.4

db:JVNDBid:JVNDB-2021-011556

Trust: 0.8

db:CS-HELPid:SB2021090913

Trust: 0.6

db:AUSCERTid:ESB-2021.3022.3

Trust: 0.6

db:AUSCERTid:ESB-2021.3022.4

Trust: 0.6

db:AUSCERTid:ESB-2021.3022.5

Trust: 0.6

db:AUSCERTid:ESB-2021.3022.2

Trust: 0.6

db:CNNVDid:CNNVD-202109-400

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CNVDid:CNVD-2021-102368

Trust: 0.1

db:VULHUBid:VHN-395013

Trust: 0.1

db:VULMONid:CVE-2021-34771

Trust: 0.1

sources: VULHUB: VHN-395013 // VULMON: CVE-2021-34771 // JVNDB: JVNDB-2021-011556 // CNNVD: CNNVD-202109-400 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34771

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxr-infodisc-cjldgmc5

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-34771

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.3022.5

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021090913

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xr-information-disclosure-via-cli-36355

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3022.2

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3022.4

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3022.3

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-395013 // VULMON: CVE-2021-34771 // JVNDB: JVNDB-2021-011556 // CNNVD: CNNVD-202109-400 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34771

SOURCES

db:VULHUBid:VHN-395013
db:VULMONid:CVE-2021-34771
db:JVNDBid:JVNDB-2021-011556
db:CNNVDid:CNNVD-202109-400
db:CNNVDid:CNNVD-202104-975
db:NVDid:CVE-2021-34771

LAST UPDATE DATE

2024-08-14T12:13:24.357000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-395013date:2022-10-24T00:00:00
db:VULMONid:CVE-2021-34771date:2021-09-17T00:00:00
db:JVNDBid:JVNDB-2021-011556date:2022-08-04T06:45:00
db:CNNVDid:CNNVD-202109-400date:2022-10-25T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:NVDid:CVE-2021-34771date:2023-11-07T03:36:21.810

SOURCES RELEASE DATE

db:VULHUBid:VHN-395013date:2021-09-09T00:00:00
db:VULMONid:CVE-2021-34771date:2021-09-09T00:00:00
db:JVNDBid:JVNDB-2021-011556date:2022-08-04T00:00:00
db:CNNVDid:CNNVD-202109-400date:2021-09-08T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:NVDid:CVE-2021-34771date:2021-09-09T05:15:12.113