ID

VAR-202111-0393


CVE

CVE-2021-40126


TITLE

Vulnerability regarding information leakage due to error messages in Cisco Umbrella

Trust: 0.8

sources: JVNDB: JVNDB-2021-014452

DESCRIPTION

A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address already exists in the system. An attacker could exploit this vulnerability by attempting to modify the user's email address. A successful exploit could allow the attacker to enumerate email addresses of users in the system. Cisco Umbrella contains a vulnerability related to information leakage due to error messages. Information may be obtained.

Trust: 1.71

sources: NVD: CVE-2021-40126 // JVNDB: JVNDB-2021-014452 // VULHUB: VHN-401516

AFFECTED PRODUCTS

vendor: cisco, model: umbrella, scope: eq, version: -

Trust: 1.0

vendor: Cisco Systems, model: cisco umbrella virtual appliance, scope: eq, version: cisco umbrella virtual appliance

Trust: 0.8

vendor: Cisco Systems, model: cisco umbrella virtual appliance, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014452 // NVD: CVE-2021-40126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-40126
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-40126
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-40126
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202111-353
value: MEDIUM

Trust: 0.6

VULHUB: VHN-401516
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-40126
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-401516
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-40126
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2021-40126
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-401516 // JVNDB: JVNDB-2021-014452 // CNNVD: CNNVD-202111-353 // NVD: CVE-2021-40126 // NVD: CVE-2021-40126

PROBLEMTYPE DATA

problemtype: CWE-209

Trust: 1.1

problemtype: CWE-210

Trust: 1.0

problemtype: Information leakage due to error message (CWE-209) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-401516 // JVNDB: JVNDB-2021-014452 // NVD: CVE-2021-40126

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-353

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-353

PATCH

title: cisco-sa-umbrella-user-enum-S7XfJwDE, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-user-enum-S7XfJwDE

Trust: 0.8

title: Cisco Umbrella Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168500

Trust: 0.6

sources: JVNDB: JVNDB-2021-014452 // CNNVD: CNNVD-202111-353

EXTERNAL IDS

db: NVD, id: CVE-2021-40126

Trust: 3.3

db: JVNDB, id: JVNDB-2021-014452

Trust: 0.8

db: AUSCERT, id: ESB-2021.3675

Trust: 0.6

db: CS-HELP, id: SB2021110404

Trust: 0.6

db: CNNVD, id: CNNVD-202111-353

Trust: 0.6

db: VULHUB, id: VHN-401516

Trust: 0.1

sources: VULHUB: VHN-401516 // JVNDB: JVNDB-2021-014452 // CNNVD: CNNVD-202111-353 // NVD: CVE-2021-40126

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-umbrella-user-enum-s7xfjwde

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2021-40126

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2021.3675

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021110404

Trust: 0.6

sources: VULHUB: VHN-401516 // JVNDB: JVNDB-2021-014452 // CNNVD: CNNVD-202111-353 // NVD: CVE-2021-40126

SOURCES

db: VULHUB, id: VHN-401516
db: JVNDB, id: JVNDB-2021-014452
db: CNNVD, id: CNNVD-202111-353
db: NVD, id: CVE-2021-40126

LAST UPDATE DATE

2024-11-23T21:33:30.389000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-401516, date: 2021-11-05T00:00:00
db: JVNDB, id: JVNDB-2021-014452, date: 2022-10-19T01:31:00
db: CNNVD, id: CNNVD-202111-353, date: 2021-11-08T00:00:00
db: NVD, id: CVE-2021-40126, date: 2024-11-21T06:23:37.870

SOURCES RELEASE DATE

db: VULHUB, id: VHN-401516, date: 2021-11-04T00:00:00
db: JVNDB, id: JVNDB-2021-014452, date: 2022-10-19T00:00:00
db: CNNVD, id: CNNVD-202111-353, date: 2021-11-03T00:00:00
db: NVD, id: CVE-2021-40126, date: 2021-11-04T16:15:09.577