Details of VAR-202109-0631

ID

VAR-202109-0631

CVE

CVE-2021-34771

TITLE

Cisco IOS XR Software CLI Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2021-011556

DESCRIPTION

A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful exploit could allow the attacker to view sensitive configuration information that their privileges might not otherwise allow them to access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-34771 // JVNDB: JVNDB-2021-011556 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-395013 // VULMON: CVE-2021-34771

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	lt	version:	7.3.2	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xr	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xr	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-011556 // NVD: CVE-2021-34771

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34771
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34771
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-34771
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202109-400
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-395013
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-34771
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-34771
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-395013
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-34771
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2021-34771
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-395013 // VULMON: CVE-2021-34771 // JVNDB: JVNDB-2021-011556 // CNNVD: CNNVD-202109-400 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34771 // NVD: CVE-2021-34771

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	CWE-201	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-395013 // JVNDB: JVNDB-2021-011556 // NVD: CVE-2021-34771

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202109-400

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202109-400

PATCH

title:	cisco-sa-iosxr-infodisc-CjLdGMc5	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-infodisc-CjLdGMc5	Trust: 0.8
title:	Cisco IOS XR Repair measures for information disclosure vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=162976	Trust: 0.6
title:	Cisco: Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iosxr-infodisc-CjLdGMc5	Trust: 0.1

sources: VULMON: CVE-2021-34771 // JVNDB: JVNDB-2021-011556 // CNNVD: CNNVD-202109-400

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34771	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-011556	Trust: 0.8
db:	CS-HELP	id:	SB2021090913	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3022.3	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3022.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3022.5	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3022.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-400	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CNVD	id:	CNVD-2021-102368	Trust: 0.1
db:	VULHUB	id:	VHN-395013	Trust: 0.1
db:	VULMON	id:	CVE-2021-34771	Trust: 0.1

sources: VULHUB: VHN-395013 // VULMON: CVE-2021-34771 // JVNDB: JVNDB-2021-011556 // CNNVD: CNNVD-202109-400 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34771

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxr-infodisc-cjldgmc5	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34771	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.3022.5	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021090913	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-xr-information-disclosure-via-cli-36355	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3022.2	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3022.4	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3022.3	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-395013 // VULMON: CVE-2021-34771 // JVNDB: JVNDB-2021-011556 // CNNVD: CNNVD-202109-400 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34771

SOURCES

db:	VULHUB	id:	VHN-395013
db:	VULMON	id:	CVE-2021-34771
db:	JVNDB	id:	JVNDB-2021-011556
db:	CNNVD	id:	CNNVD-202109-400
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-34771

LAST UPDATE DATE

2024-08-14T12:13:24.357000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-395013	date:	2022-10-24T00:00:00
db:	VULMON	id:	CVE-2021-34771	date:	2021-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-011556	date:	2022-08-04T06:45:00
db:	CNNVD	id:	CNNVD-202109-400	date:	2022-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-34771	date:	2023-11-07T03:36:21.810

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-395013	date:	2021-09-09T00:00:00
db:	VULMON	id:	CVE-2021-34771	date:	2021-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-011556	date:	2022-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202109-400	date:	2021-09-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-34771	date:	2021-09-09T05:15:12.113