Details of VAR-202110-0212

ID

VAR-202110-0212

CVE

CVE-2021-34766

TITLE

Cisco Smart Software Manager Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202110-308

DESCRIPTION

A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI

Trust: 1.08

sources: NVD: CVE-2021-34766 // VULHUB: VHN-395008 // VULMON: CVE-2021-34766

AFFECTED PRODUCTS

vendor:

cisco

model:

smart software manager on-prem

scope:

version:

8-202108

Trust: 1.0

sources: NVD: CVE-2021-34766

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34766
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34766
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202110-308
value:	HIGH
Trust: 0.6
VULHUB:	VHN-395008
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-34766
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-34766
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-395008
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-34766
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34766
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-395008 // VULMON: CVE-2021-34766 // CNNVD: CNNVD-202110-308 // NVD: CVE-2021-34766 // NVD: CVE-2021-34766

PROBLEMTYPE DATA

problemtype:

CWE-269

Trust: 1.1

sources: VULHUB: VHN-395008 // NVD: CVE-2021-34766

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-308

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-308

PATCH

title:	Cisco Smart Software Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166504	Trust: 0.6
title:	Cisco: Cisco Smart Software Manager Privilege Escalation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ssm-priv-esc-5g35cdDJ	Trust: 0.1

sources: VULMON: CVE-2021-34766 // CNNVD: CNNVD-202110-308

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34766	Trust: 1.8
db:	AUSCERT	id:	ESB-2021.3320	Trust: 0.6
db:	CS-HELP	id:	SB2021100704	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-308	Trust: 0.6
db:	VULHUB	id:	VHN-395008	Trust: 0.1
db:	VULMON	id:	CVE-2021-34766	Trust: 0.1

sources: VULHUB: VHN-395008 // VULMON: CVE-2021-34766 // CNNVD: CNNVD-202110-308 // NVD: CVE-2021-34766

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ssm-priv-esc-5g35cddj	Trust: 2.5
url:	https://www.auscert.org.au/bulletins/esb-2021.3320	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34766	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021100704	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/269.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-395008 // VULMON: CVE-2021-34766 // CNNVD: CNNVD-202110-308 // NVD: CVE-2021-34766

SOURCES

db:	VULHUB	id:	VHN-395008
db:	VULMON	id:	CVE-2021-34766
db:	CNNVD	id:	CNNVD-202110-308
db:	NVD	id:	CVE-2021-34766

LAST UPDATE DATE

2024-08-14T15:37:53.299000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-395008	date:	2021-10-14T00:00:00
db:	VULMON	id:	CVE-2021-34766	date:	2021-10-14T00:00:00
db:	CNNVD	id:	CNNVD-202110-308	date:	2021-10-20T00:00:00
db:	NVD	id:	CVE-2021-34766	date:	2023-11-07T03:36:20.810

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-395008	date:	2021-10-06T00:00:00
db:	VULMON	id:	CVE-2021-34766	date:	2021-10-06T00:00:00
db:	CNNVD	id:	CNNVD-202110-308	date:	2021-10-06T00:00:00
db:	NVD	id:	CVE-2021-34766	date:	2021-10-06T20:15:13.287