ID

VAR-202111-0418


CVE

CVE-2021-34774


TITLE

Vulnerability regarding information leakage in Cisco Common Services Platform Collector

Trust: 0.8

sources: JVNDB: JVNDB-2021-014480

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the users of the application, including security questions and answers. To exploit this vulnerability, an attacker would need valid Administrator credentials. Cisco expects to release software updates that address this vulnerability.

Trust: 1.71

sources: NVD: CVE-2021-34774 // JVNDB: JVNDB-2021-014480 // VULHUB: VHN-395016

AFFECTED PRODUCTS

vendor: cisco, model: common services platform collector, scope: lte, version: 2.10

Trust: 1.0

vendor: Cisco Systems, model: cisco common services platform collector, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco common services platform collector, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014480 // NVD: CVE-2021-34774

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-34774
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34774
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34774
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202111-358
value: MEDIUM

Trust: 0.6

VULHUB: VHN-395016
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-34774
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-395016
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-34774
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-34774
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-395016 // JVNDB: JVNDB-2021-014480 // CNNVD: CNNVD-202111-358 // NVD: CVE-2021-34774 // NVD: CVE-2021-34774

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:information leak (CWE-200) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-395016 // JVNDB: JVNDB-2021-014480 // NVD: CVE-2021-34774

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-358

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202111-358

PATCH

title: cisco-sa-cspc-info-disc-KM3bGVL
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-info-disc-KM3bGVL

Trust: 0.8

title: Cisco Common Services Platform Collector Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168505

Trust: 0.6

sources: JVNDB: JVNDB-2021-014480 // CNNVD: CNNVD-202111-358

EXTERNAL IDS

db: NVD, id: CVE-2021-34774

Trust: 3.3

db: JVNDB, id: JVNDB-2021-014480

Trust: 0.8

db: CS-HELP, id: SB2021110407

Trust: 0.6

db: AUSCERT, id: ESB-2021.3670

Trust: 0.6

db: CNNVD, id: CNNVD-202111-358

Trust: 0.6

db: CNVD, id: CNVD-2021-101449

Trust: 0.1

db: VULHUB, id: VHN-395016

Trust: 0.1

sources: VULHUB: VHN-395016 // JVNDB: JVNDB-2021-014480 // CNNVD: CNNVD-202111-358 // NVD: CVE-2021-34774

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cspc-info-disc-km3bgvl

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-34774

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.3670

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021110407

Trust: 0.6

sources: VULHUB: VHN-395016 // JVNDB: JVNDB-2021-014480 // CNNVD: CNNVD-202111-358 // NVD: CVE-2021-34774

SOURCES

db: VULHUB, id: VHN-395016
db: JVNDB, id: JVNDB-2021-014480
db: CNNVD, id: CNNVD-202111-358
db: NVD, id: CVE-2021-34774

LAST UPDATE DATE

2024-08-14T15:27:34.926000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-395016, date: 2021-11-06T00:00:00
db: JVNDB, id: JVNDB-2021-014480, date: 2022-10-19T07:11:00
db: CNNVD, id: CNNVD-202111-358, date: 2021-11-15T00:00:00
db: NVD, id: CVE-2021-34774, date: 2023-11-07T03:36:22.407

SOURCES RELEASE DATE

db: VULHUB, id: VHN-395016, date: 2021-11-04T00:00:00
db: JVNDB, id: JVNDB-2021-014480, date: 2022-10-19T00:00:00
db: CNNVD, id: CNNVD-202111-358, date: 2021-11-03T00:00:00
db: NVD, id: CVE-2021-34774, date: 2021-11-04T16:15:08.810