Sign-up

ID

VAR-202102-0686


CVE

CVE-2021-1378


TITLE

Cisco StarOS  Resource Depletion Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-003810

DESCRIPTION

A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device. Cisco StarOS Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. Cisco StarOS operating system is an operating system of Cisco in the United States. Provide subscriber management service for mobile packet core network. There is a resource management error vulnerability in the Cisco StarOS operating system, which originates from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

Trust: 1.71

sources: NVD: CVE-2021-1378 // JVNDB: JVNDB-2021-003810 // VULHUB: VHN-374432

AFFECTED PRODUCTS

vendor:ciscomodel:starosscope:gteversion:21.9.0

Trust: 1.0

vendor:ciscomodel:starosscope:lteversion:21.19.10

Trust: 1.0

vendor:シスコシステムズmodel:cisco starosscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco starosscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-003810 // NVD: CVE-2021-1378

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1378
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1378
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1378
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202102-1275
value: HIGH

Trust: 0.6

VULHUB: VHN-374432
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1378
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374432
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1378
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1378
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-1378
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374432 // JVNDB: JVNDB-2021-003810 // CNNVD: CNNVD-202102-1275 // NVD: CVE-2021-1378 // NVD: CVE-2021-1378

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:Resource exhaustion (CWE-400) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374432 // JVNDB: JVNDB-2021-003810 // NVD: CVE-2021-1378

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-1275

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202102-1275

PATCH

title:cisco-sa-StarOS-DoS-RLLvGFJjurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-StarOS-DoS-RLLvGFJj

Trust: 0.8

title:Cisco StarOS operating system Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142816

Trust: 0.6

sources: JVNDB: JVNDB-2021-003810 // CNNVD: CNNVD-202102-1275

EXTERNAL IDS

db:NVDid:CVE-2021-1378

Trust: 2.5

db:JVNDBid:JVNDB-2021-003810

Trust: 0.8

db:AUSCERTid:ESB-2021.0600

Trust: 0.6

db:CNNVDid:CNNVD-202102-1275

Trust: 0.6

db:VULHUBid:VHN-374432

Trust: 0.1

sources: VULHUB: VHN-374432 // JVNDB: JVNDB-2021-003810 // CNNVD: CNNVD-202102-1275 // NVD: CVE-2021-1378

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-staros-dos-rllvgfjj

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1378

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.0600

Trust: 0.6

sources: VULHUB: VHN-374432 // JVNDB: JVNDB-2021-003810 // CNNVD: CNNVD-202102-1275 // NVD: CVE-2021-1378

SOURCES

db:VULHUBid:VHN-374432
db:JVNDBid:JVNDB-2021-003810
db:CNNVDid:CNNVD-202102-1275
db:NVDid:CVE-2021-1378

LAST UPDATE DATE

2024-11-23T21:51:02.830000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374432date:2021-02-24T00:00:00
db:JVNDBid:JVNDB-2021-003810date:2021-11-05T05:16:00
db:CNNVDid:CNNVD-202102-1275date:2021-03-01T00:00:00
db:NVDid:CVE-2021-1378date:2024-11-21T05:44:13.047

SOURCES RELEASE DATE

db:VULHUBid:VHN-374432date:2021-02-17T00:00:00
db:JVNDBid:JVNDB-2021-003810date:2021-11-05T00:00:00
db:CNNVDid:CNNVD-202102-1275date:2021-02-17T00:00:00
db:NVDid:CVE-2021-1378date:2021-02-17T17:15:13.583