CVE-2021-40126

Published: Nov 4, 2021

Modified: Nov 7, 2024

PUBLISHED

CVSS v3.1

4.3

MEDIUM

Description

A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. This vulnerability is due to an overly descriptive error message on the dashboard that appears when a user attempts to modify their email address when the new address already exists in the system. An attacker could exploit this vulnerability by attempting to modify the user's email address. A successful exploit could allow the attacker to enumerate email addresses of users in the system.

Vendor	Product	Versions
Cisco	Cisco Umbrella Insights Virtual Appliance	affected `n/a`

Weaknesses (CWE)

CWE-210

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

20211103 Cisco Umbrella Email Enumeration Vulnerability

vendor-advisory

x_refsource_CISCO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-40126

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References