Details of VAR-202103-0465

ID

VAR-202103-0465

CVE

CVE-2021-1356

TITLE

Cisco IOS XE Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2021-004800

DESCRIPTION

Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection. Cisco IOS XE Is vulnerable to handling exceptional conditions.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-1356 // JVNDB: JVNDB-2021-004800 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374410 // VULMON: CVE-2021-1356

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.2xbs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1v	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.1xbs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1r	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.2	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004800 // NVD: CVE-2021-1356

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1356
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1356
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1356
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202103-1453
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374410
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-1356
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1356
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374410
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1356
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1356
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374410 // VULMON: CVE-2021-1356 // JVNDB: JVNDB-2021-004800 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1453 // NVD: CVE-2021-1356 // NVD: CVE-2021-1356

PROBLEMTYPE DATA

problemtype:	CWE-755	Trust: 1.1
problemtype:	CWE-20	Trust: 1.0
problemtype:	Improper handling in exceptional conditions (CWE-755) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374410 // JVNDB: JVNDB-2021-004800 // NVD: CVE-2021-1356

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1453

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-xe-webui-dos-z9yqYQAn	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn	Trust: 0.8
title:	Cisco IOS and IOS XE Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145092	Trust: 0.6
title:	Cisco: Cisco IOS XE Software Web UI Denial of Service Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-xe-webui-dos-z9yqYQAn	Trust: 0.1

sources: VULMON: CVE-2021-1356 // JVNDB: JVNDB-2021-004800 // CNNVD: CNNVD-202103-1453

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1356	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-004800	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-1453	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021042150	Trust: 0.6
db:	VULHUB	id:	VHN-374410	Trust: 0.1
db:	VULMON	id:	CVE-2021-1356	Trust: 0.1

sources: VULHUB: VHN-374410 // VULMON: CVE-2021-1356 // JVNDB: JVNDB-2021-004800 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1453 // NVD: CVE-2021-1356

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-xe-webui-dos-z9yqyqan	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1356	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042150	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/755.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/198710	Trust: 0.1

sources: VULHUB: VHN-374410 // VULMON: CVE-2021-1356 // JVNDB: JVNDB-2021-004800 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1453 // NVD: CVE-2021-1356

SOURCES

db:	VULHUB	id:	VHN-374410
db:	VULMON	id:	CVE-2021-1356
db:	JVNDB	id:	JVNDB-2021-004800
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202103-1453
db:	NVD	id:	CVE-2021-1356

LAST UPDATE DATE

2024-08-14T13:05:46.907000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374410	date:	2021-03-29T00:00:00
db:	VULMON	id:	CVE-2021-1356	date:	2021-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-004800	date:	2021-11-30T06:13:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202103-1453	date:	2021-04-22T00:00:00
db:	NVD	id:	CVE-2021-1356	date:	2023-11-07T03:28:04.830

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374410	date:	2021-03-24T00:00:00
db:	VULMON	id:	CVE-2021-1356	date:	2021-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-004800	date:	2021-11-30T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202103-1453	date:	2021-03-24T00:00:00
db:	NVD	id:	CVE-2021-1356	date:	2021-03-24T21:15:11.647