Details of VAR-202110-0203

ID

VAR-202110-0203

CVE

CVE-2021-34782

TITLE

Cisco DNA Center Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202110-289

DESCRIPTION

A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application

Trust: 1.08

sources: NVD: CVE-2021-34782 // VULHUB: VHN-395024 // VULMON: CVE-2021-34782

AFFECTED PRODUCTS

vendor:	cisco	model:	dna center	scope:	lt	version:	2.2.2.5	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	lt	version:	2.2.3.3	Trust: 1.0
vendor:	cisco	model:	dna center	scope:	gte	version:	2.2.3.0	Trust: 1.0

sources: NVD: CVE-2021-34782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34782
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34782
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202110-289
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-395024
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-34782
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-34782
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-395024
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-34782
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-395024 // VULMON: CVE-2021-34782 // CNNVD: CNNVD-202110-289 // NVD: CVE-2021-34782 // NVD: CVE-2021-34782

PROBLEMTYPE DATA

problemtype:	CWE-202	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0

sources: NVD: CVE-2021-34782

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-289

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-289

PATCH

title:	Cisco DNA Center Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165852	Trust: 0.6
title:	Cisco: Cisco DNA Center Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dnac-infodisc-KyC6YncS	Trust: 0.1

sources: VULMON: CVE-2021-34782 // CNNVD: CNNVD-202110-289

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34782	Trust: 1.8
db:	AUSCERT	id:	ESB-2021.3313	Trust: 0.6
db:	CS-HELP	id:	SB2021100712	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-289	Trust: 0.6
db:	VULHUB	id:	VHN-395024	Trust: 0.1
db:	VULMON	id:	CVE-2021-34782	Trust: 0.1

sources: VULHUB: VHN-395024 // VULMON: CVE-2021-34782 // CNNVD: CNNVD-202110-289 // NVD: CVE-2021-34782

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnac-infodisc-kyc6yncs	Trust: 2.5
url:	https://www.cybersecurity-help.cz/vdb/sb2021100712	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3313	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34782	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-395024 // VULMON: CVE-2021-34782 // CNNVD: CNNVD-202110-289 // NVD: CVE-2021-34782

SOURCES

db:	VULHUB	id:	VHN-395024
db:	VULMON	id:	CVE-2021-34782
db:	CNNVD	id:	CNNVD-202110-289
db:	NVD	id:	CVE-2021-34782

LAST UPDATE DATE

2024-08-14T14:44:16.114000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-395024	date:	2021-10-14T00:00:00
db:	VULMON	id:	CVE-2021-34782	date:	2021-10-14T00:00:00
db:	CNNVD	id:	CNNVD-202110-289	date:	2021-10-20T00:00:00
db:	NVD	id:	CVE-2021-34782	date:	2023-11-07T03:36:24.107

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-395024	date:	2021-10-06T00:00:00
db:	VULMON	id:	CVE-2021-34782	date:	2021-10-06T00:00:00
db:	CNNVD	id:	CNNVD-202110-289	date:	2021-10-06T00:00:00
db:	NVD	id:	CVE-2021-34782	date:	2021-10-06T20:15:18.677