ID

VAR-202103-0383


CVE

CVE-2021-1220


TITLE

Cisco IOS XE Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004753

DESCRIPTION

Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection. Cisco IOS XE is vulnerable to an input validation flaw and may be put into a denial of service (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco IOS is an operating system developed for its network equipment. CLI is one of those command line interfaces. SD-WAN Software is one of the software-defined WAN software.

Trust: 2.34

sources: NVD: CVE-2021-1220 // JVNDB: JVNDB-2021-004753 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374274 // VULMON: CVE-2021-1220

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.2t

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.2a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1t

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.3s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.2.1r

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1y

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.2.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.3a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.1.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1w

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.4

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.1.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1z

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.1.1t

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.15.1xbs

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.15.2xbs

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.1.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.1.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.2.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.2.1v

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.4a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1x

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.2s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1b

Trust: 1.0

vendor: Cisco Systems, model: cisco ios xe, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004753 // NVD: CVE-2021-1220

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1220
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1220
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1220
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202103-1432
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374274
value: LOW

Trust: 0.1

VULMON: CVE-2021-1220
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1220
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374274
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1220
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2021-1220
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374274 // VULMON: CVE-2021-1220 // JVNDB: JVNDB-2021-004753 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1432 // NVD: CVE-2021-1220 // NVD: CVE-2021-1220

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Incorrect input confirmation (CWE-20) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374274 // JVNDB: JVNDB-2021-004753 // NVD: CVE-2021-1220

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1432

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: cisco-sa-xe-webui-dos-z9yqYQAn, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn

Trust: 0.8

title: Cisco IOS and IOS XE Enter the fix for the verification error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145076

Trust: 0.6

title: Cisco: Cisco IOS XE Software Web UI Denial of Service Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-xe-webui-dos-z9yqYQAn

Trust: 0.1

sources: VULMON: CVE-2021-1220 // JVNDB: JVNDB-2021-004753 // CNNVD: CNNVD-202103-1432

EXTERNAL IDS

db: NVD, id: CVE-2021-1220

Trust: 2.6

db: JVNDB, id: JVNDB-2021-004753

Trust: 0.8

db: CNNVD, id: CNNVD-202103-1432

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021042150

Trust: 0.6

db: VULHUB, id: VHN-374274

Trust: 0.1

db: VULMON, id: CVE-2021-1220

Trust: 0.1

sources: VULHUB: VHN-374274 // VULMON: CVE-2021-1220 // JVNDB: JVNDB-2021-004753 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1432 // NVD: CVE-2021-1220

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-xe-webui-dos-z9yqyqan

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-1220

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042150

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/198709

Trust: 0.1

sources: VULHUB: VHN-374274 // VULMON: CVE-2021-1220 // JVNDB: JVNDB-2021-004753 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1432 // NVD: CVE-2021-1220

SOURCES

db: VULHUB, id: VHN-374274
db: VULMON, id: CVE-2021-1220
db: JVNDB, id: JVNDB-2021-004753
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202103-1432
db: NVD, id: CVE-2021-1220

LAST UPDATE DATE

2024-08-14T12:17:56.351000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374274, date: 2021-03-29T00:00:00
db: VULMON, id: CVE-2021-1220, date: 2021-03-29T00:00:00
db: JVNDB, id: JVNDB-2021-004753, date: 2021-11-29T09:15:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202103-1432, date: 2021-04-22T00:00:00
db: NVD, id: CVE-2021-1220, date: 2024-02-07T18:28:13.263

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374274, date: 2021-03-24T00:00:00
db: VULMON, id: CVE-2021-1220, date: 2021-03-24T00:00:00
db: JVNDB, id: JVNDB-2021-004753, date: 2021-11-29T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202103-1432, date: 2021-03-24T00:00:00
db: NVD, id: CVE-2021-1220, date: 2021-03-24T21:15:11.350