
{
"id": "CVE-2021-1477",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-04-29T18:15:09.233",
"lastModified": "2022-08-05T16:16:45.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow the attacker to overwrite policies and impact the configuration and operation of the affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en un mecanismo de control de acceso del software Cisco Firepower Management Center (FMC), podr\u00eda permitir a un atacante remoto autenticado acceder a servicios m\u00e1s all\u00e1 del alcance de su autorizaci\u00f3n. Esta vulnerabilidad es debido a una aplicaci\u00f3n insuficiente del control de acceso en el software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad al acceder directamente a los servicios internos de un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante sobrescribir las pol\u00edticas y afectar la configuraci\u00f3n y el funcionamiento del dispositivo afectado"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4.0.12",
"matchCriteriaId": "B115BE28-F8E3-4D8D-B6C3-BC5E06EA5CFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.0",
"versionEndExcluding": "6.6.3",
"matchCriteriaId": "9E295376-CEA1-457B-8E02-B390211B835C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "6.7.0.2",
"matchCriteriaId": "CAB14C96-07CC-4A6E-8A27-84E857C1B74E"
}
]
}
]
}
],
"references": [
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-iac-pZDMQ4wC",
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}