Details of VAR-202101-1058

ID

VAR-202101-1058

CVE

CVE-2021-1278

TITLE

plural Cisco SD-WAN Buffer error vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-002612

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco SD-WAN The product contains a buffer error vulnerability.Denial of service (DoS) It may be put into a state. Cisco SD-WAN vEdge is a router from Cisco of the United States. This device can provide basic WAN, security and multi-cloud functions for Cisco SD-WAN solutions. Cisco SD-WAN vManage is a software from Cisco (Cisco) that provides software-defined network functions. This software is a way of network virtualization. The symbolic link (symlink) creation function of Cisco SD-WAN software has a denial of service vulnerability. The vulnerability is caused by the program's failure to correctly verify and check the input to create a symbolic link. Attackers can create a symbolic link to the target file on a specific path. Use this vulnerability to overwrite arbitrary files owned by the root user on the affected system

Trust: 2.34

sources: NVD: CVE-2021-1278 // JVNDB: JVNDB-2021-002612 // CNVD: CNVD-2021-15775 // VULHUB: VHN-374332 // VULMON: CVE-2021-1278

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-15775

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe sd-wan	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	20.1.0	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.99	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.4.1	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.4.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.1	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.4.5	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.3.5	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	18.3.8	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.2	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	eq	version:	19.2.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan vbond orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xe sd-wan	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vsmart controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	sd-wan vmanage software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	sd-wan vedge routers	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	sd-wan vsmart controller	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	sd-wan vedge cloud routers	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-15775 // JVNDB: JVNDB-2021-002612 // NVD: CVE-2021-1278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1278
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1278
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1278
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-15775
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202101-1544
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374332
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-1278
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1278
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-15775
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-374332
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1278
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1278
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1278
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-15775 // VULHUB: VHN-374332 // VULMON: CVE-2021-1278 // JVNDB: JVNDB-2021-002612 // CNNVD: CNNVD-202101-1544 // NVD: CVE-2021-1278 // NVD: CVE-2021-1278

PROBLEMTYPE DATA

problemtype:	CWE-59	Trust: 1.1
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374332 // JVNDB: JVNDB-2021-002612 // NVD: CVE-2021-1278

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1544

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-202101-1544

PATCH

title:	cisco-sa-sdwan-dosmulti-48jJuEUP	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP	Trust: 0.8
title:	Patch for Cisco SD-WAN Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/251596	Trust: 0.6
title:	Cisco SD-WAN products Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139927	Trust: 0.6
title:	Cisco: Cisco SD-WAN Denial of Service Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-dosmulti-48jJuEUP	Trust: 0.1

sources: CNVD: CNVD-2021-15775 // VULMON: CVE-2021-1278 // JVNDB: JVNDB-2021-002612 // CNNVD: CNNVD-202101-1544

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1278	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-002612	Trust: 0.8
db:	CNVD	id:	CNVD-2021-15775	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0241	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1544	Trust: 0.6
db:	VULHUB	id:	VHN-374332	Trust: 0.1
db:	VULMON	id:	CVE-2021-1278	Trust: 0.1

sources: CNVD: CNVD-2021-15775 // VULHUB: VHN-374332 // VULMON: CVE-2021-1278 // JVNDB: JVNDB-2021-002612 // CNNVD: CNNVD-202101-1544 // NVD: CVE-2021-1278

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-dosmulti-48jjueup	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1278	Trust: 2.0
url:	https://www.auscert.org.au/bulletins/esb-2021.0241/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-vedge-five-vulnerabilities-34396	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.2
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195311	Trust: 0.1

sources: CNVD: CNVD-2021-15775 // VULHUB: VHN-374332 // VULMON: CVE-2021-1278 // JVNDB: JVNDB-2021-002612 // CNNVD: CNNVD-202101-1544 // NVD: CVE-2021-1278

SOURCES

db:	CNVD	id:	CNVD-2021-15775
db:	VULHUB	id:	VHN-374332
db:	VULMON	id:	CVE-2021-1278
db:	JVNDB	id:	JVNDB-2021-002612
db:	CNNVD	id:	CNNVD-202101-1544
db:	NVD	id:	CVE-2021-1278

LAST UPDATE DATE

2024-08-14T13:23:53.623000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-15775	date:	2021-03-09T00:00:00
db:	VULHUB	id:	VHN-374332	date:	2022-08-05T00:00:00
db:	VULMON	id:	CVE-2021-1278	date:	2021-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-002612	date:	2021-09-27T09:05:00
db:	CNNVD	id:	CNNVD-202101-1544	date:	2022-08-08T00:00:00
db:	NVD	id:	CVE-2021-1278	date:	2023-11-07T03:27:51.297

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-15775	date:	2021-03-09T00:00:00
db:	VULHUB	id:	VHN-374332	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1278	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-002612	date:	2021-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202101-1544	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1278	date:	2021-01-20T20:15:16.173