ID

VAR-202105-0635


CVE

CVE-2021-1438


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; follow CNNVD or manufacturer announcements for updates. Cisco Wide Area Application Services is an application system from Cisco, used to optimize TCP traffic on the network.

Trust: 1.62

sources: NVD: CVE-2021-1438 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374492 // VULMON: CVE-2021-1438

AFFECTED PRODUCTS

vendor: cisco, model: wide area application services, scope: lte, version: 6.4.5a

Trust: 1.0

sources: NVD: CVE-2021-1438

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1438
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1438
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-202
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374492
value: LOW

Trust: 0.1

VULMON: CVE-2021-1438
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1438
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374492
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1438
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-374492 // VULMON: CVE-2021-1438 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-202 // NVD: CVE-2021-1438 // NVD: CVE-2021-1438

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.1

sources: VULHUB: VHN-374492 // NVD: CVE-2021-1438

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-202

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-202

PATCH

title: Cisco Wide Area Application Services Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149232

Trust: 0.6

title: Cisco: Cisco Wide Area Application Services Software Information Disclosure Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-waas-infdisc-Twb4EypK

Trust: 0.1

sources: VULMON: CVE-2021-1438 // CNNVD: CNNVD-202105-202

EXTERNAL IDS

db: NVD, id: CVE-2021-1438

Trust: 1.8

db: CNNVD, id: CNNVD-202105-202

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021050611

Trust: 0.6

db: AUSCERT, id: ESB-2021.1549

Trust: 0.6

db: VULHUB, id: VHN-374492

Trust: 0.1

db: VULMON, id: CVE-2021-1438

Trust: 0.1

sources: VULHUB: VHN-374492 // VULMON: CVE-2021-1438 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-202 // NVD: CVE-2021-1438

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-waas-infdisc-twb4eypk

Trust: 2.5

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050611

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1549

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/668.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374492 // VULMON: CVE-2021-1438 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-202 // NVD: CVE-2021-1438

SOURCES

db: VULHUB, id: VHN-374492
db: VULMON, id: CVE-2021-1438
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202105-202
db: NVD, id: CVE-2021-1438

LAST UPDATE DATE

2024-08-14T12:52:17.348000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374492, date: 2021-05-17T00:00:00
db: VULMON, id: CVE-2021-1438, date: 2021-05-17T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202105-202, date: 2021-05-19T00:00:00
db: NVD, id: CVE-2021-1438, date: 2023-11-07T03:28:18.920

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374492, date: 2021-05-06T00:00:00
db: VULMON, id: CVE-2021-1438, date: 2021-05-06T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202105-202, date: 2021-05-05T00:00:00
db: NVD, id: CVE-2021-1438, date: 2021-05-06T13:15:10.257