ID

VAR-202110-0203


CVE

CVE-2021-34782


TITLE

Cisco DNA Center Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202110-289

DESCRIPTION

A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application.

Trust: 1.08

sources: NVD: CVE-2021-34782 // VULHUB: VHN-395024 // VULMON: CVE-2021-34782

AFFECTED PRODUCTS

vendor: cisco, model: dna center, scope: lt, version: 2.2.2.5

Trust: 1.0

vendor: cisco, model: dna center, scope: lt, version: 2.2.3.3

Trust: 1.0

vendor: cisco, model: dna center, scope: gte, version: 2.2.3.0

Trust: 1.0

sources: NVD: CVE-2021-34782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34782
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34782
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202110-289
value: MEDIUM

Trust: 0.6

VULHUB: VHN-395024
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-34782
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34782
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-395024
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34782
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-395024 // VULMON: CVE-2021-34782 // CNNVD: CNNVD-202110-289 // NVD: CVE-2021-34782 // NVD: CVE-2021-34782

PROBLEMTYPE DATA

problemtype:CWE-202

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2021-34782

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-289

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-289

PATCH

title: Cisco DNA Center Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165852

Trust: 0.6

title: Cisco: Cisco DNA Center Information Disclosure Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dnac-infodisc-KyC6YncS

Trust: 0.1

sources: VULMON: CVE-2021-34782 // CNNVD: CNNVD-202110-289

EXTERNAL IDS

db: NVD, id: CVE-2021-34782

Trust: 1.8

db: AUSCERT, id: ESB-2021.3313

Trust: 0.6

db: CS-HELP, id: SB2021100712

Trust: 0.6

db: CNNVD, id: CNNVD-202110-289

Trust: 0.6

db: VULHUB, id: VHN-395024

Trust: 0.1

db: VULMON, id: CVE-2021-34782

Trust: 0.1

sources: VULHUB: VHN-395024 // VULMON: CVE-2021-34782 // CNNVD: CNNVD-202110-289 // NVD: CVE-2021-34782

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnac-infodisc-kyc6yncs

Trust: 2.5

url:https://www.cybersecurity-help.cz/vdb/sb2021100712

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3313

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-34782

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-395024 // VULMON: CVE-2021-34782 // CNNVD: CNNVD-202110-289 // NVD: CVE-2021-34782

SOURCES

db: VULHUB, id: VHN-395024
db: VULMON, id: CVE-2021-34782
db: CNNVD, id: CNNVD-202110-289
db: NVD, id: CVE-2021-34782

LAST UPDATE DATE

2024-08-14T14:44:16.114000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-395024, date: 2021-10-14T00:00:00
db: VULMON, id: CVE-2021-34782, date: 2021-10-14T00:00:00
db: CNNVD, id: CNNVD-202110-289, date: 2021-10-20T00:00:00
db: NVD, id: CVE-2021-34782, date: 2023-11-07T03:36:24.107

SOURCES RELEASE DATE

db: VULHUB, id: VHN-395024, date: 2021-10-06T00:00:00
db: VULMON, id: CVE-2021-34782, date: 2021-10-06T00:00:00
db: CNNVD, id: CNNVD-202110-289, date: 2021-10-06T00:00:00
db: NVD, id: CVE-2021-34782, date: 2021-10-06T20:15:18.677