Details of VAR-202111-0789

ID

VAR-202111-0789

CVE

CVE-2021-42300

TITLE

Azure Sphere Vulnerability to be tampered with

Trust: 0.8

sources: JVNDB: JVNDB-2021-004380

DESCRIPTION

Azure Sphere Tampering Vulnerability. Microsoft Azure Sphere is a device of Microsoft Corporation in the United States that is used in cloud environments to provide security protection. The vulnerability stems from the network system or product not fully verifying the source or authenticity of the data. Attackers can use forged data to attack

Trust: 2.16

sources: NVD: CVE-2021-42300 // JVNDB: JVNDB-2021-004380 // CNVD: CNVD-2021-94959

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-94959

AFFECTED PRODUCTS

vendor:	microsoft	model:	azure sphere	scope:	lt	version:	21.10	Trust: 1.6
vendor:	マイクロソフト	model:	azure sphere	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2021-94959 // JVNDB: JVNDB-2021-004380 // NVD: CVE-2021-42300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-42300
value:	MEDIUM
Trust: 1.0
secure@microsoft.com:	CVE-2021-42300
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-42300
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-94959
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202111-819
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-42300
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-94959
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-42300
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@microsoft.com:	CVE-2021-42300
baseSeverity:	MEDIUM
baseScore:	6.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.5
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-42300
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-94959 // JVNDB: JVNDB-2021-004380 // CNNVD: CNNVD-202111-819 // NVD: CVE-2021-42300 // NVD: CVE-2021-42300

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004380 // NVD: CVE-2021-42300

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-819

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202111-819

PATCH

title:	Azure Sphere Tampering Vulnerability Security Update Guide	url:	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42300	Trust: 0.8
title:	Patch for Microsoft Azure Sphere data forgery issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/303286	Trust: 0.6
title:	Microsoft Azure Sphere Repair measures for data forgery problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169162	Trust: 0.6

sources: CNVD: CNVD-2021-94959 // JVNDB: JVNDB-2021-004380 // CNNVD: CNNVD-202111-819

EXTERNAL IDS

db:	NVD	id:	CVE-2021-42300	Trust: 3.0
db:	JVNDB	id:	JVNDB-2021-004380	Trust: 0.8
db:	CNVD	id:	CNVD-2021-94959	Trust: 0.6
db:	TALOS	id:	TALOS-2021-1342	Trust: 0.6
db:	CS-HELP	id:	SB2021110912	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-819	Trust: 0.6

sources: CNVD: CNVD-2021-94959 // JVNDB: JVNDB-2021-004380 // CNNVD: CNNVD-202111-819 // NVD: CVE-2021-42300

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-42300	Trust: 2.0
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-42300	Trust: 1.6
url:	https://www.ipa.go.jp/security/ciadr/vul/20211110-ms.html	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2021/at210048.html	Trust: 0.8
url:	https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-42300	Trust: 0.6
url:	https://talosintelligence.com/vulnerability_reports/talos-2021-1342	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021110912	Trust: 0.6

sources: CNVD: CNVD-2021-94959 // JVNDB: JVNDB-2021-004380 // CNNVD: CNNVD-202111-819 // NVD: CVE-2021-42300

CREDITS

Claudio Bozzato with Cisco Talos

Trust: 0.6

sources: CNNVD: CNNVD-202111-819

SOURCES

db:	CNVD	id:	CNVD-2021-94959
db:	JVNDB	id:	JVNDB-2021-004380
db:	CNNVD	id:	CNNVD-202111-819
db:	NVD	id:	CVE-2021-42300

LAST UPDATE DATE

2024-08-14T13:43:14.917000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-94959	date:	2021-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-004380	date:	2021-11-19T05:05:00
db:	CNNVD	id:	CNNVD-202111-819	date:	2021-11-23T00:00:00
db:	NVD	id:	CVE-2021-42300	date:	2023-12-28T16:15:58.273

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-94959	date:	2021-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-004380	date:	2021-11-19T00:00:00
db:	CNNVD	id:	CNNVD-202111-819	date:	2021-11-09T00:00:00
db:	NVD	id:	CVE-2021-42300	date:	2021-11-10T01:19:47.720