{ "file_item": { "filepath": "security-advisories", "filename": "CERT-EU-SA2021-039.pdf" }, "title": "Cisco Intersight Virtual Appliance Forwarding Vulnerabilities", "serial_number": "2021-039", "publish_date": "22-07-2021 17:56:00", "description": "Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface.", "url_title": "2021-039", "content_markdown": "---\ntitle: 'Cisco Intersight Virtual Appliance Forwarding Vulnerabilities'\nversion: '1.0'\nnumber: '2021-039'\ndate: 'July 22, 2021'\n---\n\n_History:_\n\n* _22/07/2021 --- v1.0 -- Initial publication_\n\n# Summary\n\nMultiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface [1].\n\n# Technical Details\n\nThese vulnerabilities (CVE-2021-1600, CVE-2021-1601) are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device [1].\n\n# Affected Products\n\nThe vulnerability with the Cisco Bug ID CSCvx84462 affects Cisco Intersight Virtual Appliance releases earlier than the first fixed release for IPv4 traffic.\n\nThe vulnerability with the Cisco Bug ID CSCvy29625 affects Cisco Intersight Virtual Appliance releases 1.0.9-184 to the first fixed release for IPv6 traffic.\n\nThese vulnerabilities do not affect customers who use Cisco Intersight Services for Cloud.\n\n# Recommendations\n\nCisco fixed these vulnerabilities for both IPv4 and IPv6 in Cisco Intersight Virtual Appliance releases 1.0.9-292 and later.\n\nCERT-EU recommends updating the vulnerable application as soon as possible.\n\n## Workaround\n\nThere are no workarounds reported to address these vulnerabilities.\n\n# References\n\n[1] \n", "content_html": "

History:

Summary

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface [1].

Technical Details

These vulnerabilities (CVE-2021-1600, CVE-2021-1601) are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external management interface. An attacker could exploit these vulnerabilities by sending specific traffic to this interface on an affected device. A successful exploit could allow the attacker to access sensitive internal services and make configuration changes on the affected device [1].

Affected Products

The vulnerability with the Cisco Bug ID CSCvx84462 affects Cisco Intersight Virtual Appliance releases earlier than the first fixed release for IPv4 traffic.

The vulnerability with the Cisco Bug ID CSCvy29625 affects Cisco Intersight Virtual Appliance releases 1.0.9-184 to the first fixed release for IPv6 traffic.

These vulnerabilities do not affect customers who use Cisco Intersight Services for Cloud.

Recommendations

Cisco fixed these vulnerabilities for both IPv4 and IPv6 in Cisco Intersight Virtual Appliance releases 1.0.9-292 and later.

CERT-EU recommends updating the vulnerable application as soon as possible.

Workaround

There are no workarounds reported to address these vulnerabilities.

References

[1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-iptaclbp-L8Dzs8m8

", "licence": { "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)", "link": "https://creativecommons.org/licenses/by/4.0/", "restrictions": "https://cert.europa.eu/legal-notice", "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies" } }