CVE-2021-34738

Published Oct 21, 2021

Last updated a year ago

CVSS medium 6.1

Overview

Description: Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79
ykramarz@cisco.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "776397EC-F775-4068-A811-D57FC2DDAF8C",
            "versionEndExcluding": "2.6.0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B45856E-6BE4-40A7-AE2F-4F9DC9315875"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F6D1780-3306-4481-A3CD-8F7732D955CC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07BF9702-0607-49A1-A82A-E4ADF1A4135F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11AA4EC0-6F3C-45A9-9AA4-0D81876F44B5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B4B88F0-3229-4B07-9308-C37C794595A0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E02F0E61-FBFF-4C6D-9132-E266FF67802B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "541EC483-540A-4080-AA69-82A0F30EE3D6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66CAFE97-295F-48F7-A92C-A90D3B837483"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68E172B4-867E-4413-9D45-F04B52270D41"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A5D3792-5ECB-498A-967F-3564DDFB4B36"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7\\(0.207\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B82A55D0-F97A-4C8E-86E5-6F7683281290"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7\\(0.356\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "887E1D44-9739-40E1-8E9E-996FBE0CE823"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7\\(0.356\\):-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1002D75A-03DF-4958-8368-8F73F03C3E00"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7\\(0.903\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E0A5B82-0661-4F2F-932D-4BA3649EA62A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F22FABF-2831-4895-B0A9-283B98398F43"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B83D0F20-5A43-4583-AFAF-CD9D20352437"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2887A2C0-BADA-41D3-AA6A-F10BC58AA7F9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5ADE32BD-C500-47D8-86D6-B08F55F1BBDF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22F23314-96BE-42F6-AE07-CC13F8856029"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0\\(0.458\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDA8B438-3EAB-4383-B24B-22D08CB44EE5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1063044-BCD7-487F-9880-141C30547E36"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA42E65A-7207-48B8-BE1B-0B352201BC09"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75DDAF38-4D5F-4EE4-A428-68D28FC0DA96"
          },
          {
            "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5FB6AA6-F8C9-48A6-BDDA-1D25C43564EB"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References