Details of VAR-202102-0549

ID

VAR-202102-0549

CVE

CVE-2021-1243

TITLE

Cisco IOS XR Software access control vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-003116

DESCRIPTION

A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests. Cisco IOS XR The software contains a vulnerability related to access control.Information may be tampered with

Trust: 1.8

sources: NVD: CVE-2021-1243 // JVNDB: JVNDB-2021-003116 // VULHUB: VHN-374297 // VULMON: CVE-2021-1243

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	eq	version:	6.7.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	7.0.11	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	lt	version:	7.0.2	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	gt	version:	6.1.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	lt	version:	6.6.4	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xr	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xr	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-003116 // NVD: CVE-2021-1243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1243
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1243
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1243
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202102-246
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374297
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1243
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374297
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1243
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1243
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1243
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374297 // JVNDB: JVNDB-2021-003116 // CNNVD: CNNVD-202102-246 // NVD: CVE-2021-1243 // NVD: CVE-2021-1243

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	Inappropriate access control (CWE-284) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-003116 // NVD: CVE-2021-1243

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-246

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-246

PATCH

title:	cisco-sa-snmp-7MKrW7Nq	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq	Trust: 0.8
title:	Cisco IOS XR Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141107	Trust: 0.6
title:	Cisco: Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-snmp-7MKrW7Nq	Trust: 0.1

sources: VULMON: CVE-2021-1243 // JVNDB: JVNDB-2021-003116 // CNNVD: CNNVD-202102-246

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1243	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-003116	Trust: 0.8
db:	CNNVD	id:	CNNVD-202102-246	Trust: 0.6
db:	VULHUB	id:	VHN-374297	Trust: 0.1
db:	VULMON	id:	CVE-2021-1243	Trust: 0.1

sources: VULHUB: VHN-374297 // VULMON: CVE-2021-1243 // JVNDB: JVNDB-2021-003116 // CNNVD: CNNVD-202102-246 // NVD: CVE-2021-1243

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-snmp-7mkrw7nq	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1243	Trust: 1.4
url:	https://vigilance.fr/vulnerability/cisco-ios-xr-privilege-escalation-via-snmp-acl-bypass-34478	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/284.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/196142	Trust: 0.1

sources: VULHUB: VHN-374297 // VULMON: CVE-2021-1243 // JVNDB: JVNDB-2021-003116 // CNNVD: CNNVD-202102-246 // NVD: CVE-2021-1243

SOURCES

db:	VULHUB	id:	VHN-374297
db:	VULMON	id:	CVE-2021-1243
db:	JVNDB	id:	JVNDB-2021-003116
db:	CNNVD	id:	CNNVD-202102-246
db:	NVD	id:	CVE-2021-1243

LAST UPDATE DATE

2024-08-14T13:54:14.084000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374297	date:	2022-09-20T00:00:00
db:	VULMON	id:	CVE-2021-1243	date:	2021-02-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-003116	date:	2021-10-18T08:04:00
db:	CNNVD	id:	CNNVD-202102-246	date:	2022-09-21T00:00:00
db:	NVD	id:	CVE-2021-1243	date:	2023-11-07T03:27:46.503

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374297	date:	2021-02-04T00:00:00
db:	VULMON	id:	CVE-2021-1243	date:	2021-02-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-003116	date:	2021-10-18T00:00:00
db:	CNNVD	id:	CNNVD-202102-246	date:	2021-02-03T00:00:00
db:	NVD	id:	CVE-2021-1243	date:	2021-02-04T17:15:14.700