ID

VAR-202110-0619


CVE

CVE-2021-40121


TITLE

Cross-site scripting vulnerability in Cisco Identity Services Engine

Trust: 0.8

sources: JVNDB: JVNDB-2021-013938

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. An attacker can exploit this vulnerability by injecting malicious code into specific pages of the interface. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code within the UI context, or access sensitive browser-based information. To exploit this vulnerability, an attacker would need valid administrative credentials.

Trust: 1.8

sources: NVD: CVE-2021-40121 // JVNDB: JVNDB-2021-013938 // VULHUB: VHN-397800 // VULMON: CVE-2021-40121

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine, scope: eq, version: 2.7(0.356)

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.7

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.7(0.903)

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 3.0.0

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.6.0

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.7.0

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.6(0.999)

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 3.0(0.458)

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.6(0.156)

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.7(0.207)

Trust: 1.0

vendor: cisco, model: identity services engine, scope: lte, version: 2.6

Trust: 1.0

vendor: Cisco Systems, model: cisco identity services engine, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco identity services engine, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-013938 // NVD: CVE-2021-40121

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-40121
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-40121
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-40121
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202110-1502
value: MEDIUM

Trust: 0.6

VULHUB: VHN-397800
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-40121
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-397800
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-40121
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-40121
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2021-40121
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-397800 // JVNDB: JVNDB-2021-013938 // CNNVD: CNNVD-202110-1502 // NVD: CVE-2021-40121 // NVD: CVE-2021-40121

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-397800 // JVNDB: JVNDB-2021-013938 // NVD: CVE-2021-40121

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1502

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202110-1502

PATCH

title: cisco-sa-ise-xss1-rgxYry2V, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss1-rgxYry2V

Trust: 0.8

title: Cisco Identity Services Engine Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166671

Trust: 0.6

title: Cisco: Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ise-xss1-rgxYry2V

Trust: 0.1

sources: VULMON: CVE-2021-40121 // JVNDB: JVNDB-2021-013938 // CNNVD: CNNVD-202110-1502

EXTERNAL IDS

db: NVD, id: CVE-2021-40121

Trust: 3.4

db: JVNDB, id: JVNDB-2021-013938

Trust: 0.8

db: CNNVD, id: CNNVD-202110-1502

Trust: 0.7

db: CS-HELP, id: SB2021102133

Trust: 0.6

db: AUSCERT, id: ESB-2021.3502

Trust: 0.6

db: VULHUB, id: VHN-397800

Trust: 0.1

db: VULMON, id: CVE-2021-40121

Trust: 0.1

sources: VULHUB: VHN-397800 // VULMON: CVE-2021-40121 // JVNDB: JVNDB-2021-013938 // CNNVD: CNNVD-202110-1502 // NVD: CVE-2021-40121

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-xss1-rgxyry2v

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2021-40121

Trust: 1.4

url: https://www.cybersecurity-help.cz/vdb/sb2021102133

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.3502

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-397800 // VULMON: CVE-2021-40121 // JVNDB: JVNDB-2021-013938 // CNNVD: CNNVD-202110-1502 // NVD: CVE-2021-40121

SOURCES

db: VULHUB, id: VHN-397800
db: VULMON, id: CVE-2021-40121
db: JVNDB, id: JVNDB-2021-013938
db: CNNVD, id: CNNVD-202110-1502
db: NVD, id: CVE-2021-40121

LAST UPDATE DATE

2024-08-14T14:03:03.240000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-397800, date: 2021-10-25T00:00:00
db: VULMON, id: CVE-2021-40121, date: 2021-10-21T00:00:00
db: JVNDB, id: JVNDB-2021-013938, date: 2022-09-30T01:26:00
db: CNNVD, id: CNNVD-202110-1502, date: 2021-11-03T00:00:00
db: NVD, id: CVE-2021-40121, date: 2023-11-07T03:38:29.993

SOURCES RELEASE DATE

db: VULHUB, id: VHN-397800, date: 2021-10-21T00:00:00
db: VULMON, id: CVE-2021-40121, date: 2021-10-21T00:00:00
db: JVNDB, id: JVNDB-2021-013938, date: 2022-09-30T00:00:00
db: CNNVD, id: CNNVD-202110-1502, date: 2021-10-20T00:00:00
db: NVD, id: CVE-2021-40121, date: 2021-10-21T03:15:07.223