ID

VAR-202101-1041


CVE

CVE-2021-1300


TITLE

plural  Cisco SD-WAN  Classic buffer overflow vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-002617

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco SD-WAN The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco SD-WAN vEdge is a router from Cisco of the United States. This device can provide basic WAN, security and multi-cloud functions for Cisco SD-WAN solutions. Cisco SD-WAN vManage is a software from Cisco (Cisco) that provides software-defined network functions. This software is a way of network virtualization. Cisco SD-WAN Software has a buffer overflow vulnerability, which is caused by the program's failure to properly handle IP traffic. , And execute arbitrary code on the underlying operating system with root privileges

Trust: 2.34

sources: NVD: CVE-2021-1300 // JVNDB: JVNDB-2021-002617 // CNVD: CNVD-2021-15777 // VULHUB: VHN-374354 // VULMON: CVE-2021-1300

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-15777

AFFECTED PRODUCTS

vendor:ciscomodel:ios xe sd-wanscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:18.3.8

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:19.2.99

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:18.4.4

Trust: 1.0

vendor:ciscomodel:sd-wan vsmart controllerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:sd-wan vbond orchestratorscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope:eqversion:19.2.1

Trust: 1.0

vendor:シスコシステムズmodel:cisco sd-wan vbond orchestratorscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wanscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ios xe sd-wanscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vsmart controllerscope: - version: -

Trust: 0.8

vendor:ciscomodel:sd-wan vmanage softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:sd-wan vedge routersscope: - version: -

Trust: 0.6

vendor:ciscomodel:sd-wan vsmart controllerscope: - version: -

Trust: 0.6

vendor:ciscomodel:sd-wan vbond orchestratorscope: - version: -

Trust: 0.6

vendor:ciscomodel:sd-wan vedge cloud routersscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-15777 // JVNDB: JVNDB-2021-002617 // NVD: CVE-2021-1300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1300
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1300
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-1300
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-15777
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202101-1535
value: CRITICAL

Trust: 0.6

VULHUB: VHN-374354
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1300
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1300
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-15777
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-374354
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2021-1300
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2021-1300
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-15777 // VULHUB: VHN-374354 // VULMON: CVE-2021-1300 // JVNDB: JVNDB-2021-002617 // CNNVD: CNNVD-202101-1535 // NVD: CVE-2021-1300 // NVD: CVE-2021-1300

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-374354 // JVNDB: JVNDB-2021-002617 // NVD: CVE-2021-1300

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1535

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1535

PATCH

title:cisco-sa-sdwan-bufovulns-B5NrSHbjurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj

Trust: 0.8

title:Patch for Cisco SD-WAN buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/251586

Trust: 0.6

title:Multiple Cisco SD-WAN Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139798

Trust: 0.6

title:Cisco: Cisco SD-WAN Buffer Overflow Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-bufovulns-B5NrSHbj

Trust: 0.1

title: - url:https://www.bleepingcomputer.com/news/security/cisco-fixes-bug-allowing-remote-code-execution-with-root-privileges/

Trust: 0.1

title: - url:https://threatpost.com/cisco-dna-center-bug-remote-attack/163302/

Trust: 0.1

title: - url:https://threatpost.com/critical-cisco-sd-wan-bugs-rce-attacks/163204/

Trust: 0.1

title: - url:https://www.bleepingcomputer.com/news/security/cisco-bugs-allow-creating-admin-accounts-executing-commands-as-root/

Trust: 0.1

title: - url:https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/

Trust: 0.1

sources: CNVD: CNVD-2021-15777 // VULMON: CVE-2021-1300 // JVNDB: JVNDB-2021-002617 // CNNVD: CNNVD-202101-1535

EXTERNAL IDS

db:NVDid:CVE-2021-1300

Trust: 3.2

db:JVNDBid:JVNDB-2021-002617

Trust: 0.8

db:CNVDid:CNVD-2021-15777

Trust: 0.6

db:AUSCERTid:ESB-2021.0241

Trust: 0.6

db:CNNVDid:CNNVD-202101-1535

Trust: 0.6

db:VULHUBid:VHN-374354

Trust: 0.1

db:VULMONid:CVE-2021-1300

Trust: 0.1

sources: CNVD: CNVD-2021-15777 // VULHUB: VHN-374354 // VULMON: CVE-2021-1300 // JVNDB: JVNDB-2021-002617 // CNNVD: CNNVD-202101-1535 // NVD: CVE-2021-1300

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-bufovulns-b5nrshbj

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1300

Trust: 2.0

url:https://www.auscert.org.au/bulletins/esb-2021.0241/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-two-vulnerabilities-34394

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/cisco-dna-center-bug-remote-attack/163302/

Trust: 0.1

sources: CNVD: CNVD-2021-15777 // VULHUB: VHN-374354 // VULMON: CVE-2021-1300 // JVNDB: JVNDB-2021-002617 // CNNVD: CNNVD-202101-1535 // NVD: CVE-2021-1300

SOURCES

db:CNVDid:CNVD-2021-15777
db:VULHUBid:VHN-374354
db:VULMONid:CVE-2021-1300
db:JVNDBid:JVNDB-2021-002617
db:CNNVDid:CNNVD-202101-1535
db:NVDid:CVE-2021-1300

LAST UPDATE DATE

2024-08-14T13:23:53.868000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-15777date:2021-03-09T00:00:00
db:VULHUBid:VHN-374354date:2021-01-27T00:00:00
db:VULMONid:CVE-2021-1300date:2021-01-27T00:00:00
db:JVNDBid:JVNDB-2021-002617date:2021-09-27T09:06:00
db:CNNVDid:CNNVD-202101-1535date:2021-02-01T00:00:00
db:NVDid:CVE-2021-1300date:2023-10-06T16:24:48.993

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-15777date:2021-03-09T00:00:00
db:VULHUBid:VHN-374354date:2021-01-20T00:00:00
db:VULMONid:CVE-2021-1300date:2021-01-20T00:00:00
db:JVNDBid:JVNDB-2021-002617date:2021-09-27T00:00:00
db:CNNVDid:CNNVD-202101-1535date:2021-01-20T00:00:00
db:NVDid:CVE-2021-1300date:2021-01-20T20:15:16.800