Details of VAR-202101-1042

ID

VAR-202101-1042

CVE

CVE-2021-1301

TITLE

plural Cisco SD-WAN Classic buffer overflow vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-002618

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco SD-WAN The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.8

sources: NVD: CVE-2021-1301 // JVNDB: JVNDB-2021-002618 // VULHUB: VHN-374355 // VULMON: CVE-2021-1301

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe sd-wan	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.3.8	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.99	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.4.4	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan vbond orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xe sd-wan	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vsmart controller	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-002618 // NVD: CVE-2021-1301

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1301
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1301
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-1301
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202101-1536
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-374355
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-1301
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1301
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374355
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2021-1301
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2021-1301
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-374355 // VULMON: CVE-2021-1301 // JVNDB: JVNDB-2021-002618 // CNNVD: CNNVD-202101-1536 // NVD: CVE-2021-1301 // NVD: CVE-2021-1301

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-119	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374355 // JVNDB: JVNDB-2021-002618 // NVD: CVE-2021-1301

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1536

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1536

PATCH

title:	cisco-sa-sdwan-bufovulns-B5NrSHbj	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj	Trust: 0.8
title:	Multiple Cisco SD-WAN Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139799	Trust: 0.6
title:	Cisco: Cisco SD-WAN Buffer Overflow Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-bufovulns-B5NrSHbj	Trust: 0.1
title:	-	url:	https://www.theregister.co.uk/2021/01/22/cisco_critical_vulnerabilities/	Trust: 0.1

sources: VULMON: CVE-2021-1301 // JVNDB: JVNDB-2021-002618 // CNNVD: CNNVD-202101-1536

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1301	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-002618	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0241	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1536	Trust: 0.6
db:	VULHUB	id:	VHN-374355	Trust: 0.1
db:	VULMON	id:	CVE-2021-1301	Trust: 0.1

sources: VULHUB: VHN-374355 // VULMON: CVE-2021-1301 // JVNDB: JVNDB-2021-002618 // CNNVD: CNNVD-202101-1536 // NVD: CVE-2021-1301

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-bufovulns-b5nrshbj	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1301	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.0241/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-two-vulnerabilities-34394	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374355 // VULMON: CVE-2021-1301 // JVNDB: JVNDB-2021-002618 // CNNVD: CNNVD-202101-1536 // NVD: CVE-2021-1301

SOURCES

db:	VULHUB	id:	VHN-374355
db:	VULMON	id:	CVE-2021-1301
db:	JVNDB	id:	JVNDB-2021-002618
db:	CNNVD	id:	CNNVD-202101-1536
db:	NVD	id:	CVE-2021-1301

LAST UPDATE DATE

2024-08-14T13:23:53.948000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374355	date:	2022-08-05T00:00:00
db:	VULMON	id:	CVE-2021-1301	date:	2021-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-002618	date:	2021-09-27T09:06:00
db:	CNNVD	id:	CNNVD-202101-1536	date:	2022-08-08T00:00:00
db:	NVD	id:	CVE-2021-1301	date:	2023-10-06T16:24:48.993

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374355	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1301	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-002618	date:	2021-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202101-1536	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1301	date:	2021-01-20T20:15:16.877