Details of VAR-202101-1055

ID

VAR-202101-1055

CVE

CVE-2021-1274

TITLE

plural Cisco SD-WAN Buffer error vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-002611

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco SD-WAN The product contains a buffer error vulnerability.Denial of service (DoS) It may be put into a state. Cisco SD-WAN vEdge is a router from Cisco of the United States. This device can provide basic WAN, security and multi-cloud functions for Cisco SD-WAN solutions. Cisco SD-WAN vManage is a software from Cisco (Cisco) that provides software-defined network functions. This software is a way of network virtualization. The UDP link response of Cisco SD-WAN software has a denial of service vulnerability. The vulnerability is caused by a null pointer dereference in vDaemon

Trust: 2.34

sources: NVD: CVE-2021-1274 // JVNDB: JVNDB-2021-002611 // CNVD: CNVD-2021-15776 // VULHUB: VHN-374328 // VULMON: CVE-2021-1274

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-15776

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe sd-wan	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	20.1.0	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.99	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.4.1	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.4.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.1	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.4.5	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.3.5	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.3.8	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.2	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan vbond orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xe sd-wan	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vsmart controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sd-wan vmanage software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	sd-wan vedge routers	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	sd-wan vsmart controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	sd-wan vedge cloud routers	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-15776 // JVNDB: JVNDB-2021-002611 // NVD: CVE-2021-1274

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1274
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1274
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1274
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-15776
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202101-1547
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374328
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-1274
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1274
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-15776
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-374328
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1274
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1274
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-15776 // VULHUB: VHN-374328 // VULMON: CVE-2021-1274 // JVNDB: JVNDB-2021-002611 // CNNVD: CNNVD-202101-1547 // NVD: CVE-2021-1274 // NVD: CVE-2021-1274

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.1
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374328 // JVNDB: JVNDB-2021-002611 // NVD: CVE-2021-1274

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1547

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202101-1547

PATCH

title:	cisco-sa-sdwan-dosmulti-48jJuEUP	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP	Trust: 0.8
title:	Patch for Cisco SD-WAN UDP Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/251591	Trust: 0.6
title:	Multiple Cisco SD-WAN Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139805	Trust: 0.6
title:	Cisco: Cisco SD-WAN Denial of Service Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-dosmulti-48jJuEUP	Trust: 0.1

sources: CNVD: CNVD-2021-15776 // VULMON: CVE-2021-1274 // JVNDB: JVNDB-2021-002611 // CNNVD: CNNVD-202101-1547

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1274	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-002611	Trust: 0.8
db:	CNVD	id:	CNVD-2021-15776	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0241	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1547	Trust: 0.6
db:	VULHUB	id:	VHN-374328	Trust: 0.1
db:	VULMON	id:	CVE-2021-1274	Trust: 0.1

sources: CNVD: CNVD-2021-15776 // VULHUB: VHN-374328 // VULMON: CVE-2021-1274 // JVNDB: JVNDB-2021-002611 // CNNVD: CNNVD-202101-1547 // NVD: CVE-2021-1274

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-dosmulti-48jjueup	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1274	Trust: 2.0
url:	https://www.auscert.org.au/bulletins/esb-2021.0241/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-five-vulnerabilities-34396	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195310	Trust: 0.1

sources: CNVD: CNVD-2021-15776 // VULHUB: VHN-374328 // VULMON: CVE-2021-1274 // JVNDB: JVNDB-2021-002611 // CNNVD: CNNVD-202101-1547 // NVD: CVE-2021-1274

SOURCES

db:	CNVD	id:	CNVD-2021-15776
db:	VULHUB	id:	VHN-374328
db:	VULMON	id:	CVE-2021-1274
db:	JVNDB	id:	JVNDB-2021-002611
db:	CNNVD	id:	CNNVD-202101-1547
db:	NVD	id:	CVE-2021-1274

LAST UPDATE DATE

2024-08-14T13:23:53.738000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-15776	date:	2021-03-09T00:00:00
db:	VULHUB	id:	VHN-374328	date:	2022-08-05T00:00:00
db:	VULMON	id:	CVE-2021-1274	date:	2021-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-002611	date:	2021-09-27T09:05:00
db:	CNNVD	id:	CNNVD-202101-1547	date:	2022-08-08T00:00:00
db:	NVD	id:	CVE-2021-1274	date:	2023-11-07T03:27:50.620

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-15776	date:	2021-03-09T00:00:00
db:	VULHUB	id:	VHN-374328	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1274	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-002611	date:	2021-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202101-1547	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1274	date:	2021-01-20T20:15:15.970