ID

VAR-202101-1062


CVE

CVE-2021-1350


TITLE

Cisco Umbrella  Vulnerability in resource allocation without restrictions or throttling in

Trust: 0.8

sources: JVNDB: JVNDB-2021-002904

DESCRIPTION

A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. The vulnerability exists due to insufficient rate limiting controls in the web UI. An attacker could exploit this vulnerability by sending crafted HTTPS packets at a high and sustained rate. A successful exploit could allow the attacker to negatively affect the performance of the web UI. Cisco has addressed this vulnerability. Cisco Umbrella Is vulnerable to resource allocation without restrictions or throttling.Denial of service (DoS) It may be put into a state. Cisco Umbrella is a cloud security platform of Cisco (Cisco). The platform protects against cyber threats such as phishing, malware, and ransomware

Trust: 1.8

sources: NVD: CVE-2021-1350 // JVNDB: JVNDB-2021-002904 // VULHUB: VHN-374404 // VULMON: CVE-2021-1350

AFFECTED PRODUCTS

vendor:ciscomodel:umbrellascope:eqversion: -

Trust: 1.0

vendor:シスコシステムズmodel:cisco umbrella 仮想アプライアンスscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco umbrella 仮想アプライアンスscope:eqversion:cisco umbrella virtual appliance

Trust: 0.8

sources: JVNDB: JVNDB-2021-002904 // NVD: CVE-2021-1350

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1350
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1350
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1350
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-1529
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374404
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1350
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1350
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374404
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1350
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2021-1350
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374404 // VULMON: CVE-2021-1350 // JVNDB: JVNDB-2021-002904 // CNNVD: CNNVD-202101-1529 // NVD: CVE-2021-1350 // NVD: CVE-2021-1350

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.1

problemtype:Allocation of resources without limits or throttling (CWE-770) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374404 // JVNDB: JVNDB-2021-002904 // NVD: CVE-2021-1350

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1529

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-1529

PATCH

title:cisco-sa-umb-dos-dgKzDEBPurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umb-dos-dgKzDEBP

Trust: 0.8

title:Cisco Umbrella Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139792

Trust: 0.6

title:Cisco: Cisco Umbrella Dashboard Packet Flood Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-umb-dos-dgKzDEBP

Trust: 0.1

sources: VULMON: CVE-2021-1350 // JVNDB: JVNDB-2021-002904 // CNNVD: CNNVD-202101-1529

EXTERNAL IDS

db:NVDid:CVE-2021-1350

Trust: 2.6

db:JVNDBid:JVNDB-2021-002904

Trust: 0.8

db:AUSCERTid:ESB-2021.0251

Trust: 0.6

db:CNNVDid:CNNVD-202101-1529

Trust: 0.6

db:VULHUBid:VHN-374404

Trust: 0.1

db:VULMONid:CVE-2021-1350

Trust: 0.1

sources: VULHUB: VHN-374404 // VULMON: CVE-2021-1350 // JVNDB: JVNDB-2021-002904 // CNNVD: CNNVD-202101-1529 // NVD: CVE-2021-1350

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-umb-dos-dgkzdebp

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1350

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0251/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/770.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374404 // VULMON: CVE-2021-1350 // JVNDB: JVNDB-2021-002904 // CNNVD: CNNVD-202101-1529 // NVD: CVE-2021-1350

SOURCES

db:VULHUBid:VHN-374404
db:VULMONid:CVE-2021-1350
db:JVNDBid:JVNDB-2021-002904
db:CNNVDid:CNNVD-202101-1529
db:NVDid:CVE-2021-1350

LAST UPDATE DATE

2024-08-14T14:25:29.508000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374404date:2021-02-02T00:00:00
db:VULMONid:CVE-2021-1350date:2021-02-02T00:00:00
db:JVNDBid:JVNDB-2021-002904date:2021-10-08T09:11:00
db:CNNVDid:CNNVD-202101-1529date:2021-02-09T00:00:00
db:NVDid:CVE-2021-1350date:2023-11-07T03:28:03.780

SOURCES RELEASE DATE

db:VULHUBid:VHN-374404date:2021-01-20T00:00:00
db:VULMONid:CVE-2021-1350date:2021-01-20T00:00:00
db:JVNDBid:JVNDB-2021-002904date:2021-10-08T00:00:00
db:CNNVDid:CNNVD-202101-1529date:2021-01-20T00:00:00
db:NVDid:CVE-2021-1350date:2021-01-20T20:15:17.457