ID

VAR-202102-0551


CVE

CVE-2021-1313


TITLE

Cisco IOS XR  Resource management vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2021-003113

DESCRIPTION

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco IOS XR The software contains a resource management vulnerability.Denial of service (DoS) It may be put into a state. The vulnerability is caused by the software's incorrect allocation of resources, and an attacker can exploit this vulnerability by sending a specific packet stream to the affected device. Successful exploitation of this vulnerability could allow an attacker to cause the enf_broker process to leak system memory. Over time, this memory leak could cause the enf_broker process to crash, potentially causing system instability and the inability to process or forward traffic through the affected device

Trust: 1.8

sources: NVD: CVE-2021-1313 // JVNDB: JVNDB-2021-003113 // VULHUB: VHN-374367 // VULMON: CVE-2021-1313

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:gteversion:5.3.0

Trust: 1.0

vendor:ciscomodel:ios xrscope:ltversion:5.3.4

Trust: 1.0

vendor:ciscomodel:ios xrscope:ltversion:5.2.6

Trust: 1.0

vendor:ciscomodel:ios xrscope:gteversion:5.0.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xrscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ios xrscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-003113 // NVD: CVE-2021-1313

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1313
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1313
value: HIGH

Trust: 1.0

NVD: CVE-2021-1313
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202102-249
value: HIGH

Trust: 0.6

VULHUB: VHN-374367
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1313
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374367
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1313
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1313
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-1313
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374367 // JVNDB: JVNDB-2021-003113 // CNNVD: CNNVD-202102-249 // NVD: CVE-2021-1313 // NVD: CVE-2021-1313

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.1

problemtype:CWE-399

Trust: 1.0

problemtype:Resource management issues (CWE-399) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374367 // JVNDB: JVNDB-2021-003113 // NVD: CVE-2021-1313

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-249

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202102-249

PATCH

title:cisco-sa-iosxr-dos-WwDdghs2url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2

Trust: 0.8

title:Cisco IOS XR Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140472

Trust: 0.6

title:Cisco: Cisco IOS XR Software Enf Broker Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iosxr-dos-WwDdghs2

Trust: 0.1

sources: VULMON: CVE-2021-1313 // JVNDB: JVNDB-2021-003113 // CNNVD: CNNVD-202102-249

EXTERNAL IDS

db:NVDid:CVE-2021-1313

Trust: 2.6

db:JVNDBid:JVNDB-2021-003113

Trust: 0.8

db:CNNVDid:CNNVD-202102-249

Trust: 0.6

db:VULHUBid:VHN-374367

Trust: 0.1

db:VULMONid:CVE-2021-1313

Trust: 0.1

sources: VULHUB: VHN-374367 // VULMON: CVE-2021-1313 // JVNDB: JVNDB-2021-003113 // CNNVD: CNNVD-202102-249 // NVD: CVE-2021-1313

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxr-dos-wwddghs2

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-1313

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-ios-xr-denial-of-service-via-enf-broker-34474

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/399.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/196126

Trust: 0.1

sources: VULHUB: VHN-374367 // VULMON: CVE-2021-1313 // JVNDB: JVNDB-2021-003113 // CNNVD: CNNVD-202102-249 // NVD: CVE-2021-1313

SOURCES

db:VULHUBid:VHN-374367
db:VULMONid:CVE-2021-1313
db:JVNDBid:JVNDB-2021-003113
db:CNNVDid:CNNVD-202102-249
db:NVDid:CVE-2021-1313

LAST UPDATE DATE

2024-08-14T14:38:09.044000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374367date:2022-04-25T00:00:00
db:VULMONid:CVE-2021-1313date:2021-02-08T00:00:00
db:JVNDBid:JVNDB-2021-003113date:2021-10-18T08:04:00
db:CNNVDid:CNNVD-202102-249date:2022-04-26T00:00:00
db:NVDid:CVE-2021-1313date:2023-11-07T03:27:56.923

SOURCES RELEASE DATE

db:VULHUBid:VHN-374367date:2021-02-04T00:00:00
db:VULMONid:CVE-2021-1313date:2021-02-04T00:00:00
db:JVNDBid:JVNDB-2021-003113date:2021-10-18T00:00:00
db:CNNVDid:CNNVD-202102-249date:2021-02-03T00:00:00
db:NVDid:CVE-2021-1313date:2021-02-04T17:15:15.857