2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2021-40121" ,
2025-01-26 03:03:52 +00:00
"sourceIdentifier" : "psirt@cisco.com" ,
2023-04-24 12:24:31 +02:00
"published" : "2021-10-21T03:15:07.223" ,
2024-11-23 15:12:23 +00:00
"lastModified" : "2024-11-21T06:23:37.020" ,
2023-11-07 21:03:21 +00:00
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory."
} ,
{
"lang" : "es" ,
"value" : "Varias vulnerabilidades en la interfaz de administraci\u00f3n basada en web de Cisco Identity Services Engine (ISE) Software podr\u00edan permitir a un atacante conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
2025-01-26 03:03:52 +00:00
"source" : "psirt@cisco.com" ,
2024-11-23 15:12:23 +00:00
"type" : "Secondary" ,
2023-04-24 12:24:31 +02:00
"cvssData" : {
"version" : "3.1" ,
2024-11-23 15:12:23 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" ,
"baseScore" : 6.1 ,
"baseSeverity" : "MEDIUM" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
2024-11-23 15:12:23 +00:00
"privilegesRequired" : "NONE" ,
2023-04-24 12:24:31 +02:00
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
2024-11-23 15:12:23 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
2024-11-23 15:12:23 +00:00
"exploitabilityScore" : 2.8 ,
2023-04-24 12:24:31 +02:00
"impactScore" : 2.7
2023-11-07 21:03:21 +00:00
} ,
2023-04-24 12:24:31 +02:00
{
2024-11-23 15:12:23 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-04-24 12:24:31 +02:00
"cvssData" : {
2023-11-07 21:03:21 +00:00
"version" : "3.1" ,
2024-11-23 15:12:23 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" ,
"baseScore" : 4.8 ,
"baseSeverity" : "MEDIUM" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
2024-11-23 15:12:23 +00:00
"privilegesRequired" : "HIGH" ,
2023-04-24 12:24:31 +02:00
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
2024-11-23 15:12:23 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
2024-11-23 15:12:23 +00:00
"exploitabilityScore" : 1.7 ,
2023-04-24 12:24:31 +02:00
"impactScore" : 2.7
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N" ,
2024-11-23 15:12:23 +00:00
"baseScore" : 3.5 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "SINGLE" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "PARTIAL" ,
2024-11-23 15:12:23 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "LOW" ,
"exploitabilityScore" : 6.8 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : true
}
]
} ,
"weaknesses" : [
{
2025-01-26 03:03:52 +00:00
"source" : "psirt@cisco.com" ,
2024-11-23 15:12:23 +00:00
"type" : "Secondary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-79"
}
]
} ,
{
2024-11-23 15:12:23 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-79"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "2.6" ,
"matchCriteriaId" : "ECD1F469-FCCE-4FB4-98D5-DA385B746E30"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.6\\(0.156\\):*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2DBAC90B-72AE-4B0B-92DC-D226F3AFD0F8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.6\\(0.999\\):-:*:*:*:*:*:*" ,
"matchCriteriaId" : "F13BAF35-E854-4C04-8FFE-0DB3310501E0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.6.0:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "8B45856E-6BE4-40A7-AE2F-4F9DC9315875"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch1:*:*:*:*:*:*" ,
"matchCriteriaId" : "1F6D1780-3306-4481-A3CD-8F7732D955CC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch2:*:*:*:*:*:*" ,
"matchCriteriaId" : "07BF9702-0607-49A1-A82A-E4ADF1A4135F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch3:*:*:*:*:*:*" ,
"matchCriteriaId" : "11AA4EC0-6F3C-45A9-9AA4-0D81876F44B5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch5:*:*:*:*:*:*" ,
"matchCriteriaId" : "1B4B88F0-3229-4B07-9308-C37C794595A0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch6:*:*:*:*:*:*" ,
"matchCriteriaId" : "E02F0E61-FBFF-4C6D-9132-E266FF67802B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch7:*:*:*:*:*:*" ,
"matchCriteriaId" : "541EC483-540A-4080-AA69-82A0F30EE3D6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch8:*:*:*:*:*:*" ,
"matchCriteriaId" : "66CAFE97-295F-48F7-A92C-A90D3B837483"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch9:*:*:*:*:*:*" ,
"matchCriteriaId" : "68E172B4-867E-4413-9D45-F04B52270D41"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.7:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4A5D3792-5ECB-498A-967F-3564DDFB4B36"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.7\\(0.207\\):*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B82A55D0-F97A-4C8E-86E5-6F7683281290"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.7\\(0.356\\):*:*:*:*:*:*:*" ,
"matchCriteriaId" : "887E1D44-9739-40E1-8E9E-996FBE0CE823"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.7\\(0.356\\):-:*:*:*:*:*:*" ,
"matchCriteriaId" : "1002D75A-03DF-4958-8368-8F73F03C3E00"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.7\\(0.903\\):*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8E0A5B82-0661-4F2F-932D-4BA3649EA62A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "1F22FABF-2831-4895-B0A9-283B98398F43"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1:*:*:*:*:*:*" ,
"matchCriteriaId" : "B83D0F20-5A43-4583-AFAF-CD9D20352437"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*" ,
"matchCriteriaId" : "2887A2C0-BADA-41D3-AA6A-F10BC58AA7F9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3:*:*:*:*:*:*" ,
"matchCriteriaId" : "5ADE32BD-C500-47D8-86D6-B08F55F1BBDF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4:*:*:*:*:*:*" ,
"matchCriteriaId" : "22F23314-96BE-42F6-AE07-CC13F8856029"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:3.0\\(0.458\\):*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CDA8B438-3EAB-4383-B24B-22D08CB44EE5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "A1063044-BCD7-487F-9880-141C30547E36"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*" ,
"matchCriteriaId" : "DA42E65A-7207-48B8-BE1B-0B352201BC09"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*" ,
"matchCriteriaId" : "75DDAF38-4D5F-4EE4-A428-68D28FC0DA96"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss1-rgxYry2V" ,
2025-01-26 03:03:52 +00:00
"source" : "psirt@cisco.com" ,
2023-04-24 12:24:31 +02:00
"tags" : [
"Vendor Advisory"
]
2024-11-23 15:12:23 +00:00
} ,
{
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss1-rgxYry2V" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
