nvd-json-data-feeds/CVE-2021/CVE-2021-15xx/CVE-2021-1572.json

{
  "id": "CVE-2021-1572",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2021-08-04T18:15:08.470",
  "lastModified": "2022-07-15T17:38:33.317",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en ConfD, podr\u00eda permitir a un atacante local autenticado ejecutar comandos arbitrarios al nivel de la cuenta bajo la que se ejecuta ConfD, que suele ser root. Para explotar esta vulnerabilidad, un atacante debe tener una cuenta v\u00e1lida en un dispositivo afectado. La vulnerabilidad se presenta porque el software afectado ejecuta incorrectamente el servicio de usuario SFTP en el nivel de privilegio de la cuenta que se estaba ejecutando cuando el servidor Secure Shell (SSH) integrado de ConfD para CLI estaba habilitado. Si el servidor SSH integrado de ConfD no estaba habilitado, el dispositivo no est\u00e1 afectado por esta vulnerabilidad. Un atacante con privilegios de bajo nivel podr\u00eda explotar esta vulnerabilidad al autenticarse en un dispositivo afectado y emitiendo una serie de comandos en la interfaz SFTP. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante elevar los privilegios al nivel de la cuenta bajo la cual se ejecuta ConfD, que es com\u00fanmente root. Nota: Cualquier usuario que pueda autenticarse en el servidor SSH incorporado puede explotar esta vulnerabilidad. Por defecto, todos los usuarios de ConfD presentan este acceso si el servidor est\u00e1 habilitado. Se han publicado actualizaciones de software que solucionan esta vulnerabilidad"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV30": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "accessVector": "LOCAL",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ]
    },
    {
      "source": "ykramarz@cisco.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-266"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:confd:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "7.4",
              "versionEndIncluding": "7.4.3",
              "matchCriteriaId": "00B1645F-8B9B-4B33-B059-6BD9F930B693"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:confd:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "7.5",
              "versionEndIncluding": "7.5.2",
              "matchCriteriaId": "B973E75F-7C45-4263-B5C2-1B343651F022"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.4",
              "versionEndIncluding": "5.4.3.1",
              "matchCriteriaId": "1001E8CE-2203-4ED3-A697-9504BADA32D2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.5",
              "versionEndIncluding": "5.5.2.2",
              "matchCriteriaId": "692BACD6-9D45-4F71-8EE6-251DE929EC84"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4",
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT",
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}