ID

VAR-202110-0212


CVE

CVE-2021-34766


TITLE

Cisco Smart Software Manager Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202110-308

DESCRIPTION

A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI.

Trust: 1.08

sources: NVD: CVE-2021-34766 // VULHUB: VHN-395008 // VULMON: CVE-2021-34766

AFFECTED PRODUCTS

vendor: cisco
model: smart software manager on-prem
scope: lt
version: 8-202108

Trust: 1.0

sources: NVD: CVE-2021-34766

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34766
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34766
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202110-308
value: HIGH

Trust: 0.6

VULHUB: VHN-395008
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-34766
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34766
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-395008
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34766
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34766
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-395008 // VULMON: CVE-2021-34766 // CNNVD: CNNVD-202110-308 // NVD: CVE-2021-34766 // NVD: CVE-2021-34766

PROBLEMTYPE DATA

problemtype: CWE-269

Trust: 1.1

sources: VULHUB: VHN-395008 // NVD: CVE-2021-34766

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-308

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-308

PATCH

title: Cisco Smart Software Manager Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166504

Trust: 0.6

title: Cisco: Cisco Smart Software Manager Privilege Escalation Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ssm-priv-esc-5g35cdDJ

Trust: 0.1

sources: VULMON: CVE-2021-34766 // CNNVD: CNNVD-202110-308

EXTERNAL IDS

db: NVD, id: CVE-2021-34766

Trust: 1.8

db: AUSCERT, id: ESB-2021.3320

Trust: 0.6

db: CS-HELP, id: SB2021100704

Trust: 0.6

db: CNNVD, id: CNNVD-202110-308

Trust: 0.6

db: VULHUB, id: VHN-395008

Trust: 0.1

db: VULMON, id: CVE-2021-34766

Trust: 0.1

sources: VULHUB: VHN-395008 // VULMON: CVE-2021-34766 // CNNVD: CNNVD-202110-308 // NVD: CVE-2021-34766

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ssm-priv-esc-5g35cddj

Trust: 2.5

url: https://www.auscert.org.au/bulletins/esb-2021.3320

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-34766

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021100704

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-395008 // VULMON: CVE-2021-34766 // CNNVD: CNNVD-202110-308 // NVD: CVE-2021-34766

SOURCES

db: VULHUB, id: VHN-395008
db: VULMON, id: CVE-2021-34766
db: CNNVD, id: CNNVD-202110-308
db: NVD, id: CVE-2021-34766

LAST UPDATE DATE

2024-08-14T15:37:53.299000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-395008, date: 2021-10-14T00:00:00
db: VULMON, id: CVE-2021-34766, date: 2021-10-14T00:00:00
db: CNNVD, id: CNNVD-202110-308, date: 2021-10-20T00:00:00
db: NVD, id: CVE-2021-34766, date: 2023-11-07T03:36:20.810

SOURCES RELEASE DATE

db: VULHUB, id: VHN-395008, date: 2021-10-06T00:00:00
db: VULMON, id: CVE-2021-34766, date: 2021-10-06T00:00:00
db: CNNVD, id: CNNVD-202110-308, date: 2021-10-06T00:00:00
db: NVD, id: CVE-2021-34766, date: 2021-10-06T20:15:13.287