Details of VAR-202103-0383

ID

VAR-202103-0383

CVE

CVE-2021-1220

TITLE

Cisco IOS XE Input confirmation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004753

DESCRIPTION

Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection. Cisco IOS XE Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco IOS is an operating system developed for its network equipment. CLI is one of those command line interfaces. SD-WAN Software is one of the software-defined WAN software

Trust: 2.34

sources: NVD: CVE-2021-1220 // JVNDB: JVNDB-2021-004753 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374274 // VULMON: CVE-2021-1220

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1r	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1y	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1w	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1z	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.1xbs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.2xbs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1v	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.4a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1x	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1b	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004753 // NVD: CVE-2021-1220

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1220
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1220
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1220
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202103-1432
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374274
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-1220
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1220
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374274
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1220
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1220
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374274 // VULMON: CVE-2021-1220 // JVNDB: JVNDB-2021-004753 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1432 // NVD: CVE-2021-1220 // NVD: CVE-2021-1220

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374274 // JVNDB: JVNDB-2021-004753 // NVD: CVE-2021-1220

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1432

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-xe-webui-dos-z9yqYQAn	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn	Trust: 0.8
title:	Cisco IOS and IOS XE Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145076	Trust: 0.6
title:	Cisco: Cisco IOS XE Software Web UI Denial of Service Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-xe-webui-dos-z9yqYQAn	Trust: 0.1

sources: VULMON: CVE-2021-1220 // JVNDB: JVNDB-2021-004753 // CNNVD: CNNVD-202103-1432

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1220	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-004753	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-1432	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021042150	Trust: 0.6
db:	VULHUB	id:	VHN-374274	Trust: 0.1
db:	VULMON	id:	CVE-2021-1220	Trust: 0.1

sources: VULHUB: VHN-374274 // VULMON: CVE-2021-1220 // JVNDB: JVNDB-2021-004753 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1432 // NVD: CVE-2021-1220

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-xe-webui-dos-z9yqyqan	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1220	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042150	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/198709	Trust: 0.1

sources: VULHUB: VHN-374274 // VULMON: CVE-2021-1220 // JVNDB: JVNDB-2021-004753 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1432 // NVD: CVE-2021-1220

SOURCES

db:	VULHUB	id:	VHN-374274
db:	VULMON	id:	CVE-2021-1220
db:	JVNDB	id:	JVNDB-2021-004753
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202103-1432
db:	NVD	id:	CVE-2021-1220

LAST UPDATE DATE

2024-08-14T12:17:56.351000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374274	date:	2021-03-29T00:00:00
db:	VULMON	id:	CVE-2021-1220	date:	2021-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-004753	date:	2021-11-29T09:15:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202103-1432	date:	2021-04-22T00:00:00
db:	NVD	id:	CVE-2021-1220	date:	2024-02-07T18:28:13.263

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374274	date:	2021-03-24T00:00:00
db:	VULMON	id:	CVE-2021-1220	date:	2021-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-004753	date:	2021-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202103-1432	date:	2021-03-24T00:00:00
db:	NVD	id:	CVE-2021-1220	date:	2021-03-24T21:15:11.350