Details of VAR-202111-0418

ID

VAR-202111-0418

CVE

CVE-2021-34774

TITLE

Cisco Common Services Platform Collector Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014480

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the users of the application, including security questions and answers. To exploit this vulnerability an attacker would need valid Administrator credentials. Cisco expects to release software updates that address this vulnerability

Trust: 1.71

sources: NVD: CVE-2021-34774 // JVNDB: JVNDB-2021-014480 // VULHUB: VHN-395016

AFFECTED PRODUCTS

vendor:	cisco	model:	common services platform collector	scope:	lte	version:	2.10	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco common services platform collector	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco common services platform collector	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-014480 // NVD: CVE-2021-34774

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34774
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-34774
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-34774
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202111-358
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-395016
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-34774
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-395016
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-34774
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2021-34774
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-395016 // JVNDB: JVNDB-2021-014480 // CNNVD: CNNVD-202111-358 // NVD: CVE-2021-34774 // NVD: CVE-2021-34774

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-395016 // JVNDB: JVNDB-2021-014480 // NVD: CVE-2021-34774

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-358

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202111-358

PATCH

title:	cisco-sa-cspc-info-disc-KM3bGVL	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-info-disc-KM3bGVL	Trust: 0.8
title:	Cisco Common Services Platform Collector Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168505	Trust: 0.6

sources: JVNDB: JVNDB-2021-014480 // CNNVD: CNNVD-202111-358

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34774	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-014480	Trust: 0.8
db:	CS-HELP	id:	SB2021110407	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3670	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-358	Trust: 0.6
db:	CNVD	id:	CNVD-2021-101449	Trust: 0.1
db:	VULHUB	id:	VHN-395016	Trust: 0.1

sources: VULHUB: VHN-395016 // JVNDB: JVNDB-2021-014480 // CNNVD: CNNVD-202111-358 // NVD: CVE-2021-34774

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cspc-info-disc-km3bgvl	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34774	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.3670	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021110407	Trust: 0.6

sources: VULHUB: VHN-395016 // JVNDB: JVNDB-2021-014480 // CNNVD: CNNVD-202111-358 // NVD: CVE-2021-34774

SOURCES

db:	VULHUB	id:	VHN-395016
db:	JVNDB	id:	JVNDB-2021-014480
db:	CNNVD	id:	CNNVD-202111-358
db:	NVD	id:	CVE-2021-34774

LAST UPDATE DATE

2024-08-14T15:27:34.926000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-395016	date:	2021-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-014480	date:	2022-10-19T07:11:00
db:	CNNVD	id:	CNNVD-202111-358	date:	2021-11-15T00:00:00
db:	NVD	id:	CVE-2021-34774	date:	2023-11-07T03:36:22.407

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-395016	date:	2021-11-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-014480	date:	2022-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202111-358	date:	2021-11-03T00:00:00
db:	NVD	id:	CVE-2021-34774	date:	2021-11-04T16:15:08.810