ID

VAR-202111-0789


CVE

CVE-2021-42300


TITLE

Azure Sphere  Vulnerability to be tampered with

Trust: 0.8

sources: JVNDB: JVNDB-2021-004380

DESCRIPTION

Azure Sphere Tampering Vulnerability. Microsoft Azure Sphere is a device of Microsoft Corporation in the United States that is used in cloud environments to provide security protection. The vulnerability stems from the network system or product not fully verifying the source or authenticity of the data. Attackers can use forged data to attack

Trust: 2.16

sources: NVD: CVE-2021-42300 // JVNDB: JVNDB-2021-004380 // CNVD: CNVD-2021-94959

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-94959

AFFECTED PRODUCTS

vendor:microsoftmodel:azure spherescope:ltversion:21.10

Trust: 1.6

vendor:マイクロソフトmodel:azure spherescope:eqversion: -

Trust: 0.8

sources: CNVD: CNVD-2021-94959 // JVNDB: JVNDB-2021-004380 // NVD: CVE-2021-42300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-42300
value: MEDIUM

Trust: 1.0

secure@microsoft.com: CVE-2021-42300
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-42300
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-94959
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202111-819
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2021-42300
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-94959
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-42300
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@microsoft.com: CVE-2021-42300
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-42300
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-94959 // JVNDB: JVNDB-2021-004380 // CNNVD: CNNVD-202111-819 // NVD: CVE-2021-42300 // NVD: CVE-2021-42300

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004380 // NVD: CVE-2021-42300

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-819

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202111-819

PATCH

title:Azure Sphere Tampering Vulnerability Security Update Guideurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42300

Trust: 0.8

title:Patch for Microsoft Azure Sphere data forgery issue vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/303286

Trust: 0.6

title:Microsoft Azure Sphere Repair measures for data forgery problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169162

Trust: 0.6

sources: CNVD: CNVD-2021-94959 // JVNDB: JVNDB-2021-004380 // CNNVD: CNNVD-202111-819

EXTERNAL IDS

db:NVDid:CVE-2021-42300

Trust: 3.0

db:JVNDBid:JVNDB-2021-004380

Trust: 0.8

db:CNVDid:CNVD-2021-94959

Trust: 0.6

db:TALOSid:TALOS-2021-1342

Trust: 0.6

db:CS-HELPid:SB2021110912

Trust: 0.6

db:CNNVDid:CNNVD-202111-819

Trust: 0.6

sources: CNVD: CNVD-2021-94959 // JVNDB: JVNDB-2021-004380 // CNNVD: CNNVD-202111-819 // NVD: CVE-2021-42300

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-42300

Trust: 2.0

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-42300

Trust: 1.6

url:https://www.ipa.go.jp/security/ciadr/vul/20211110-ms.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2021/at210048.html

Trust: 0.8

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-42300

Trust: 0.6

url:https://talosintelligence.com/vulnerability_reports/talos-2021-1342

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021110912

Trust: 0.6

sources: CNVD: CNVD-2021-94959 // JVNDB: JVNDB-2021-004380 // CNNVD: CNNVD-202111-819 // NVD: CVE-2021-42300

CREDITS

Claudio Bozzato with Cisco Talos

Trust: 0.6

sources: CNNVD: CNNVD-202111-819

SOURCES

db:CNVDid:CNVD-2021-94959
db:JVNDBid:JVNDB-2021-004380
db:CNNVDid:CNNVD-202111-819
db:NVDid:CVE-2021-42300

LAST UPDATE DATE

2024-11-23T22:20:43.713000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-94959date:2021-12-07T00:00:00
db:JVNDBid:JVNDB-2021-004380date:2021-11-19T05:05:00
db:CNNVDid:CNNVD-202111-819date:2021-11-23T00:00:00
db:NVDid:CVE-2021-42300date:2024-11-21T06:27:33.463

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-94959date:2021-12-07T00:00:00
db:JVNDBid:JVNDB-2021-004380date:2021-11-19T00:00:00
db:CNNVDid:CNNVD-202111-819date:2021-11-09T00:00:00
db:NVDid:CVE-2021-42300date:2021-11-10T01:19:47.720