ID

VAR-202110-0583


CVE

CVE-2021-34738


TITLE

Cisco Identity Services Engine Cross-site scripting vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2021-014093

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. An attacker can exploit this vulnerability by injecting malicious code into specific pages of the interface. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code within the UI context, or access sensitive browser-based information. To exploit this vulnerability, an attacker would need valid administrative credentials.

Trust: 1.8

sources: NVD: CVE-2021-34738 // JVNDB: JVNDB-2021-014093 // VULHUB: VHN-394980 // VULMON: CVE-2021-34738

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine, scope: lt, version: 2.6.0

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.7(0.356)

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.7

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.7(0.903)

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 3.0.0

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.7.0

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.6.0

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 3.0(0.458)

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.7(0.207)

Trust: 1.0

vendor: シスコシステムズ, model: cisco identity services engine, scope: eq, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco identity services engine, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014093 // NVD: CVE-2021-34738

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34738
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34738
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34738
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202110-1504
value: MEDIUM

Trust: 0.6

VULHUB: VHN-394980
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34738
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-394980
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34738
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 2.0

NVD: CVE-2021-34738
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-394980 // JVNDB: JVNDB-2021-014093 // CNNVD: CNNVD-202110-1504 // NVD: CVE-2021-34738 // NVD: CVE-2021-34738

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype:Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-394980 // JVNDB: JVNDB-2021-014093 // NVD: CVE-2021-34738

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1504

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202110-1504

PATCH

title: cisco-sa-ise-xss1-rgxYry2V, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss1-rgxYry2V

Trust: 0.8

title: Cisco Identity Services Engine Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166672

Trust: 0.6

title: Cisco: Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ise-xss1-rgxYry2V

Trust: 0.1

sources: VULMON: CVE-2021-34738 // JVNDB: JVNDB-2021-014093 // CNNVD: CNNVD-202110-1504

EXTERNAL IDS

db: NVD, id: CVE-2021-34738

Trust: 3.4

db: JVNDB, id: JVNDB-2021-014093

Trust: 0.8

db: CNNVD, id: CNNVD-202110-1504

Trust: 0.7

db: CS-HELP, id: SB2021102132

Trust: 0.6

db: AUSCERT, id: ESB-2021.3502

Trust: 0.6

db: VULHUB, id: VHN-394980

Trust: 0.1

db: VULMON, id: CVE-2021-34738

Trust: 0.1

sources: VULHUB: VHN-394980 // VULMON: CVE-2021-34738 // JVNDB: JVNDB-2021-014093 // CNNVD: CNNVD-202110-1504 // NVD: CVE-2021-34738

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-xss1-rgxyry2v

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-34738

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021102132

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3502

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-394980 // VULMON: CVE-2021-34738 // JVNDB: JVNDB-2021-014093 // CNNVD: CNNVD-202110-1504 // NVD: CVE-2021-34738

SOURCES

db: VULHUB, id: VHN-394980
db: VULMON, id: CVE-2021-34738
db: JVNDB, id: JVNDB-2021-014093
db: CNNVD, id: CNNVD-202110-1504
db: NVD, id: CVE-2021-34738

LAST UPDATE DATE

2024-08-14T14:03:03.211000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-394980, date: 2021-10-26T00:00:00
db: VULMON, id: CVE-2021-34738, date: 2021-10-21T00:00:00
db: JVNDB, id: JVNDB-2021-014093, date: 2022-10-05T00:55:00
db: CNNVD, id: CNNVD-202110-1504, date: 2021-11-02T00:00:00
db: NVD, id: CVE-2021-34738, date: 2023-11-07T03:36:15.633

SOURCES RELEASE DATE

db: VULHUB, id: VHN-394980, date: 2021-10-21T00:00:00
db: VULMON, id: CVE-2021-34738, date: 2021-10-21T00:00:00
db: JVNDB, id: JVNDB-2021-014093, date: 2022-10-05T00:00:00
db: CNNVD, id: CNNVD-202110-1504, date: 2021-10-20T00:00:00
db: NVD, id: CVE-2021-34738, date: 2021-10-21T03:15:06.940