ID

VAR-202111-0664


CVE

CVE-2021-40119


TITLE

Cisco Policy Suite  Vulnerability in using hard-coded credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014884

DESCRIPTION

A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user. Cisco Policy Suite Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2021-40119 // JVNDB: JVNDB-2021-014884 // VULHUB: VHN-401512 // VULMON: CVE-2021-40119

AFFECTED PRODUCTS

vendor:ciscomodel:policy suitescope:ltversion:21.1.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco policy suitescope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco policy suitescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014884 // NVD: CVE-2021-40119

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-40119
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2021-40119
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-40119
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202111-352
value: CRITICAL

Trust: 0.6

VULHUB: VHN-401512
value: HIGH

Trust: 0.1

VULMON: CVE-2021-40119
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-40119
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-401512
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-40119
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-40119
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-401512 // VULMON: CVE-2021-40119 // JVNDB: JVNDB-2021-014884 // CNNVD: CNNVD-202111-352 // NVD: CVE-2021-40119 // NVD: CVE-2021-40119

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.1

problemtype:CWE-321

Trust: 1.0

problemtype:Use hard-coded credentials (CWE-798) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-401512 // JVNDB: JVNDB-2021-014884 // NVD: CVE-2021-40119

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-352

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202111-352

PATCH

title:cisco-sa-cps-static-key-JmS92hNvurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv

Trust: 0.8

title:Cisco Policy Suite Repair measures for trust management problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169791

Trust: 0.6

title:Cisco: Cisco Policy Suite Static SSH Keys Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cps-static-key-JmS92hNv

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/cisco-umbrella-default-ssh-key-allows-theft-of-admin-credentials/

Trust: 0.1

sources: VULMON: CVE-2021-40119 // JVNDB: JVNDB-2021-014884 // CNNVD: CNNVD-202111-352

EXTERNAL IDS

db:NVDid:CVE-2021-40119

Trust: 3.4

db:JVNDBid:JVNDB-2021-014884

Trust: 0.8

db:CS-HELPid:SB2021110413

Trust: 0.6

db:AUSCERTid:ESB-2021.3667

Trust: 0.6

db:CNNVDid:CNNVD-202111-352

Trust: 0.6

db:VULHUBid:VHN-401512

Trust: 0.1

db:VULMONid:CVE-2021-40119

Trust: 0.1

sources: VULHUB: VHN-401512 // VULMON: CVE-2021-40119 // JVNDB: JVNDB-2021-014884 // CNNVD: CNNVD-202111-352 // NVD: CVE-2021-40119

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cps-static-key-jms92hnv

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-40119

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.3667

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021110413

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-401512 // VULMON: CVE-2021-40119 // JVNDB: JVNDB-2021-014884 // CNNVD: CNNVD-202111-352 // NVD: CVE-2021-40119

SOURCES

db:VULHUBid:VHN-401512
db:VULMONid:CVE-2021-40119
db:JVNDBid:JVNDB-2021-014884
db:CNNVDid:CNNVD-202111-352
db:NVDid:CVE-2021-40119

LAST UPDATE DATE

2024-11-23T22:25:03.096000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-401512date:2021-11-12T00:00:00
db:VULMONid:CVE-2021-40119date:2021-11-12T00:00:00
db:JVNDBid:JVNDB-2021-014884date:2022-10-31T06:49:00
db:CNNVDid:CNNVD-202111-352date:2021-11-15T00:00:00
db:NVDid:CVE-2021-40119date:2024-11-21T06:23:36.720

SOURCES RELEASE DATE

db:VULHUBid:VHN-401512date:2021-11-04T00:00:00
db:VULMONid:CVE-2021-40119date:2021-11-04T00:00:00
db:JVNDBid:JVNDB-2021-014884date:2022-10-31T00:00:00
db:CNNVDid:CNNVD-202111-352date:2021-11-03T00:00:00
db:NVDid:CVE-2021-40119date:2021-11-04T16:15:09.360