ID

VAR-202102-0559


CVE

CVE-2021-1288


TITLE

Cisco IOS XR  Resource management vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2021-003118

DESCRIPTION

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco IOS XR The software contains a resource management vulnerability.Denial of service (DoS) It may be put into a state. The vulnerability is due to a logic error that occurs when affected devices process Telnet protocol packets. An attacker could exploit this vulnerability by sending a specific stream of packets to an affected device. A successful exploit could allow an attacker to crash the enf_broker process, which could lead to system instability and the inability to process or forward traffic through the affected device

Trust: 1.8

sources: NVD: CVE-2021-1288 // JVNDB: JVNDB-2021-003118 // VULHUB: VHN-374342 // VULMON: CVE-2021-1288

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:ltversion:6.0.2

Trust: 1.0

vendor:ciscomodel:ios xrscope:gteversion:5.3.0

Trust: 1.0

vendor:ciscomodel:ios xrscope:gteversion:6.0.0

Trust: 1.0

vendor:ciscomodel:ios xrscope:ltversion:5.3.4

Trust: 1.0

vendor:ciscomodel:ios xrscope:ltversion:5.2.6

Trust: 1.0

vendor:ciscomodel:ios xrscope:gteversion:5.0.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xrscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ios xrscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-003118 // NVD: CVE-2021-1288

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1288
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1288
value: HIGH

Trust: 1.0

NVD: CVE-2021-1288
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202102-252
value: HIGH

Trust: 0.6

VULHUB: VHN-374342
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1288
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374342
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1288
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1288
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-1288
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374342 // JVNDB: JVNDB-2021-003118 // CNNVD: CNNVD-202102-252 // NVD: CVE-2021-1288 // NVD: CVE-2021-1288

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Resource management issues (CWE-399) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-003118 // NVD: CVE-2021-1288

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-252

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202102-252

PATCH

title:cisco-sa-iosxr-dos-WwDdghs2url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dos-WwDdghs2

Trust: 0.8

title:Cisco IOS XR Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140475

Trust: 0.6

title:Cisco: Cisco IOS XR Software Enf Broker Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iosxr-dos-WwDdghs2

Trust: 0.1

sources: VULMON: CVE-2021-1288 // JVNDB: JVNDB-2021-003118 // CNNVD: CNNVD-202102-252

EXTERNAL IDS

db:NVDid:CVE-2021-1288

Trust: 2.6

db:JVNDBid:JVNDB-2021-003118

Trust: 0.8

db:CNNVDid:CNNVD-202102-252

Trust: 0.6

db:VULHUBid:VHN-374342

Trust: 0.1

db:VULMONid:CVE-2021-1288

Trust: 0.1

sources: VULHUB: VHN-374342 // VULMON: CVE-2021-1288 // JVNDB: JVNDB-2021-003118 // CNNVD: CNNVD-202102-252 // NVD: CVE-2021-1288

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxr-dos-wwddghs2

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-1288

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-ios-xr-denial-of-service-via-enf-broker-34474

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/399.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/196125

Trust: 0.1

sources: VULHUB: VHN-374342 // VULMON: CVE-2021-1288 // JVNDB: JVNDB-2021-003118 // CNNVD: CNNVD-202102-252 // NVD: CVE-2021-1288

SOURCES

db:VULHUBid:VHN-374342
db:VULMONid:CVE-2021-1288
db:JVNDBid:JVNDB-2021-003118
db:CNNVDid:CNNVD-202102-252
db:NVDid:CVE-2021-1288

LAST UPDATE DATE

2024-08-14T14:03:18.200000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374342date:2022-04-25T00:00:00
db:VULMONid:CVE-2021-1288date:2021-02-08T00:00:00
db:JVNDBid:JVNDB-2021-003118date:2021-10-18T08:04:00
db:CNNVDid:CNNVD-202102-252date:2022-04-26T00:00:00
db:NVDid:CVE-2021-1288date:2023-11-07T03:27:52.997

SOURCES RELEASE DATE

db:VULHUBid:VHN-374342date:2021-02-04T00:00:00
db:VULMONid:CVE-2021-1288date:2021-02-04T00:00:00
db:JVNDBid:JVNDB-2021-003118date:2021-10-18T00:00:00
db:CNNVDid:CNNVD-202102-252date:2021-02-03T00:00:00
db:NVDid:CVE-2021-1288date:2021-02-04T17:15:15.077