Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-1396— Cisco Application Services Engine Unauthorized Access Vulnerabilities

CVSS 9.8 · Critical EPSS 0.83% · P75
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-1396

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco Application Services Engine Unauthorized Access Vulnerabilities
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Application Services Engine 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Application Services Engine是美国思科(Cisco)公司的一套用于部署Cisco数据中心应用的通用平台。 Cisco Application Services Engine 存在安全漏洞,该漏洞允许未经身份验证的远程攻击者获得对主机级操作的特权访问或学习特定于设备的信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CiscoCisco Application Services Engine Software n/a -

II. Public POCs for CVE-2021-1396

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-1396

登录查看更多情报信息。

Same Patch Batch · Cisco · 2021-02-24 · 13 CVEs total

CVE-2021-138810.0 CRITICALCisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication By
CVE-2021-13619.8 CRITICALCisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability
CVE-2021-13939.8 CRITICALCisco Application Services Engine Unauthorized Access Vulnerabilities
CVE-2021-13688.8 HIGHCisco FXOS and NX-OS Software Unidirectional Link Detection Denial of Service and Arbitrar
CVE-2021-12308.6 HIGHCisco Nexus 9000 Series Fabric Switches ACI Mode BGP Route Installation Denial of Service
CVE-2021-13878.6 HIGHCisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability
CVE-2021-12287.4 HIGHCisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized A
CVE-2021-12295.8 MEDIUMCisco NX-OS Software ICMP Version 6 Memory Leak Denial of Service Vulnerability
CVE-2021-14505.5 MEDIUMCisco AnyConnect Secure Mobility Client Denial of Service Vulnerability
CVE-2021-12314.7 MEDIUMCisco Nexus 9000 Series Fabric Switches ACI Mode Link Layer Discovery Protocol Port Denial
CVE-2021-13674.3 MEDIUMCisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability
CVE-2021-1227Cisco NX-OS Software NX-API Cross-Site Request Forgery Vulnerability

IV. Related Vulnerabilities

Same product: Cisco Application Services Engine Software
Same vendor: Cisco
Same weakness: CWE-306

V. Comments for CVE-2021-1396

No comments yet

Leave a comment