CVE-2021-1522

A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability exists because a password policy check is incomplete at the time a password is changed at server side using the API. An attacker could exploit this vulnerability by sending a specially crafted API request to the affected device. A successful exploit could allow the attacker to change their own password to a value that does not comply with the configured strong authentication requirements.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-GkCvfd4	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:connected_mobile_experiences:10.6.0:::::::*
	cpe:2.3:a:cisco:connected_mobile_experiences:10.6.1:::::::*
	cpe:2.3:a:cisco:connected_mobile_experiences:10.6.2:::::::*
	cpe:2.3:a:cisco:connected_mobile_experiences:10.6.3:::::::*

History

No history.

Information

Published : 2021-08-04 18:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-1522

Mitre link : CVE-2021-1522

CVE.ORG link : CVE-2021-1522

JSON object : View

Products Affected

cisco

connected_mobile_experiences

CWE

CWE-521

Weak Password Requirements

CWE-255

Credentials Management Errors

{"id": "CVE-2021-1522", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2021-08-04T18:15:08.287", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-GkCvfd4", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-521"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability exists because a password policy check is incomplete at the time a password is changed at server side using the API. An attacker could exploit this vulnerability by sending a specially crafted API request to the affected device. A successful exploit could allow the attacker to change their own password to a value that does not comply with the configured strong authentication requirements."}, {"lang": "es", "value": "Una vulnerabilidad en la API de cambio de contrase\u00f1a de Cisco Connected Mobile Experiences (CMX), podr\u00eda permitir a un atacante remoto autenticado alterar su propia contrase\u00f1a a un valor que no cumpla con los requisitos de autenticaci\u00f3n fuerte que est\u00e1n configurados en un dispositivo afectado. Esta vulnerabilidad se presenta porque una comprobaci\u00f3n de la pol\u00edtica de contrase\u00f1as est\u00e1 incompleta en el momento en que se cambia una contrase\u00f1a en el lado del servidor usando la API. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n API especialmente dise\u00f1ada al dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante cambiar su propia contrase\u00f1a a un valor que no cumpla con los requisitos de autenticaci\u00f3n fuerte configurados"}], "lastModified": "2023-11-07T03:28:30.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:10.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46B3BCD8-4F1F-4503-9427-1787B7B5B112"}, {"criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:10.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4548832-9572-4CBF-B77F-1A72ABAF2910"}, {"criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:10.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B8CAC5F-18EF-446B-9A69-A5AB70EA753A"}, {"criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:10.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0805FC9-11E5-4E04-BD4D-3C32CB220594"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}