fkie_cve-2021-34738
Vulnerability from fkie_nvd
Published
2021-10-21 03:15
Modified
2024-11-21 06:11
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | identity_services_engine | * | |
| cisco | identity_services_engine | 2.6.0 | |
| cisco | identity_services_engine | 2.6.0 | |
| cisco | identity_services_engine | 2.6.0 | |
| cisco | identity_services_engine | 2.6.0 | |
| cisco | identity_services_engine | 2.6.0 | |
| cisco | identity_services_engine | 2.6.0 | |
| cisco | identity_services_engine | 2.6.0 | |
| cisco | identity_services_engine | 2.6.0 | |
| cisco | identity_services_engine | 2.6.0 | |
| cisco | identity_services_engine | 2.7 | |
| cisco | identity_services_engine | 2.7\(0.207\) | |
| cisco | identity_services_engine | 2.7\(0.356\) | |
| cisco | identity_services_engine | 2.7\(0.356\) | |
| cisco | identity_services_engine | 2.7\(0.903\) | |
| cisco | identity_services_engine | 2.7.0 | |
| cisco | identity_services_engine | 2.7.0 | |
| cisco | identity_services_engine | 2.7.0 | |
| cisco | identity_services_engine | 2.7.0 | |
| cisco | identity_services_engine | 2.7.0 | |
| cisco | identity_services_engine | 3.0\(0.458\) | |
| cisco | identity_services_engine | 3.0.0 | |
| cisco | identity_services_engine | 3.0.0 | |
| cisco | identity_services_engine | 3.0.0 | |
| cisco | identity_services_engine | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "776397EC-F775-4068-A811-D57FC2DDAF8C",
"versionEndExcluding": "2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "8B45856E-6BE4-40A7-AE2F-4F9DC9315875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "1F6D1780-3306-4481-A3CD-8F7732D955CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "07BF9702-0607-49A1-A82A-E4ADF1A4135F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "11AA4EC0-6F3C-45A9-9AA4-0D81876F44B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "1B4B88F0-3229-4B07-9308-C37C794595A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "E02F0E61-FBFF-4C6D-9132-E266FF67802B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch7:*:*:*:*:*:*",
"matchCriteriaId": "541EC483-540A-4080-AA69-82A0F30EE3D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch8:*:*:*:*:*:*",
"matchCriteriaId": "66CAFE97-295F-48F7-A92C-A90D3B837483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch9:*:*:*:*:*:*",
"matchCriteriaId": "68E172B4-867E-4413-9D45-F04B52270D41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5D3792-5ECB-498A-967F-3564DDFB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7\\(0.207\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B82A55D0-F97A-4C8E-86E5-6F7683281290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7\\(0.356\\):*:*:*:*:*:*:*",
"matchCriteriaId": "887E1D44-9739-40E1-8E9E-996FBE0CE823",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7\\(0.356\\):-:*:*:*:*:*:*",
"matchCriteriaId": "1002D75A-03DF-4958-8368-8F73F03C3E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7\\(0.903\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8E0A5B82-0661-4F2F-932D-4BA3649EA62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1F22FABF-2831-4895-B0A9-283B98398F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "B83D0F20-5A43-4583-AFAF-CD9D20352437",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "2887A2C0-BADA-41D3-AA6A-F10BC58AA7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "5ADE32BD-C500-47D8-86D6-B08F55F1BBDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "22F23314-96BE-42F6-AE07-CC13F8856029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0\\(0.458\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CDA8B438-3EAB-4383-B24B-22D08CB44EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A1063044-BCD7-487F-9880-141C30547E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DA42E65A-7207-48B8-BE1B-0B352201BC09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "75DDAF38-4D5F-4EE4-A428-68D28FC0DA96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "C5FB6AA6-F8C9-48A6-BDDA-1D25C43564EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la interfaz de administraci\u00f3n basada en web Cisco Identity Services Engine (ISE) Software podr\u00edan permitir a un atacante conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso"
}
],
"id": "CVE-2021-34738",
"lastModified": "2024-11-21T06:11:05.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-21T03:15:06.940",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss1-rgxYry2V"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss1-rgxYry2V"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.