ID

VAR-202103-0465


CVE

CVE-2021-1356


TITLE

Cisco IOS XE Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2021-004800

DESCRIPTION

Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection. Cisco IOS XE contains a vulnerability in handling exceptional conditions. It may be put into a denial of service (DoS) state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.34

sources: NVD: CVE-2021-1356 // JVNDB: JVNDB-2021-004800 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374410 // VULMON: CVE-2021-1356

AFFECTED PRODUCTS

vendor: cisco // model: ios xe // scope: eq // version: 3.15.2xbs

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 17.1.1s

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 17.2.1v

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 17.2.1a

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 17.2.2

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 17.1.1t

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 17.1.1

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 17.2.3

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 3.15.1xbs

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 17.2.1r

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 17.2.1

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 17.1.1a

Trust: 1.0

vendor: cisco // model: ios xe // scope: eq // version: 17.1.2

Trust: 1.0

vendor: Cisco Systems // model: cisco ios xe // scope: eq // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004800 // NVD: CVE-2021-1356

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-1356
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1356
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1356
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202103-1453
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374410
value: LOW

Trust: 0.1

VULMON: CVE-2021-1356
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-1356
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374410
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-1356
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2021-1356
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374410 // VULMON: CVE-2021-1356 // JVNDB: JVNDB-2021-004800 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1453 // NVD: CVE-2021-1356 // NVD: CVE-2021-1356

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.1

problemtype:CWE-20

Trust: 1.0

problemtype:Improper handling in exceptional conditions (CWE-755) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-374410 // JVNDB: JVNDB-2021-004800 // NVD: CVE-2021-1356

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1453

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: cisco-sa-xe-webui-dos-z9yqYQAn // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn

Trust: 0.8

title: Cisco IOS and IOS XE Enter the fix for the verification error vulnerability // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145092

Trust: 0.6

title: Cisco: Cisco IOS XE Software Web UI Denial of Service Vulnerabilities // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-xe-webui-dos-z9yqYQAn

Trust: 0.1

sources: VULMON: CVE-2021-1356 // JVNDB: JVNDB-2021-004800 // CNNVD: CNNVD-202103-1453

EXTERNAL IDS

db: NVD // id: CVE-2021-1356

Trust: 2.6

db: JVNDB // id: JVNDB-2021-004800

Trust: 0.8

db: CNNVD // id: CNNVD-202103-1453

Trust: 0.7

db: CS-HELP // id: SB2021041363

Trust: 0.6

db: CNNVD // id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP // id: SB2021042150

Trust: 0.6

db: VULHUB // id: VHN-374410

Trust: 0.1

db: VULMON // id: CVE-2021-1356

Trust: 0.1

sources: VULHUB: VHN-374410 // VULMON: CVE-2021-1356 // JVNDB: JVNDB-2021-004800 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1453 // NVD: CVE-2021-1356

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-xe-webui-dos-z9yqyqan

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-1356

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042150

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/755.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/198710

Trust: 0.1

sources: VULHUB: VHN-374410 // VULMON: CVE-2021-1356 // JVNDB: JVNDB-2021-004800 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1453 // NVD: CVE-2021-1356

SOURCES

db: VULHUB // id: VHN-374410
db: VULMON // id: CVE-2021-1356
db: JVNDB // id: JVNDB-2021-004800
db: CNNVD // id: CNNVD-202104-975
db: CNNVD // id: CNNVD-202103-1453
db: NVD // id: CVE-2021-1356

LAST UPDATE DATE

2024-08-14T13:05:46.907000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-374410 // date: 2021-03-29T00:00:00
db: VULMON // id: CVE-2021-1356 // date: 2021-03-29T00:00:00
db: JVNDB // id: JVNDB-2021-004800 // date: 2021-11-30T06:13:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-14T00:00:00
db: CNNVD // id: CNNVD-202103-1453 // date: 2021-04-22T00:00:00
db: NVD // id: CVE-2021-1356 // date: 2023-11-07T03:28:04.830

SOURCES RELEASE DATE

db: VULHUB // id: VHN-374410 // date: 2021-03-24T00:00:00
db: VULMON // id: CVE-2021-1356 // date: 2021-03-24T00:00:00
db: JVNDB // id: JVNDB-2021-004800 // date: 2021-11-30T00:00:00
db: CNNVD // id: CNNVD-202104-975 // date: 2021-04-13T00:00:00
db: CNNVD // id: CNNVD-202103-1453 // date: 2021-03-24T00:00:00
db: NVD // id: CVE-2021-1356 // date: 2021-03-24T21:15:11.647