ID

VAR-202103-0467


CVE

CVE-2021-1373


TITLE

Buffer over-read vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers

Trust: 0.8

sources: JVNDB: JVNDB-2021-004890

DESCRIPTION

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. Cisco Catalyst 9000 is a switch made by Cisco in the United States.

Trust: 2.25

sources: NVD: CVE-2021-1373 // JVNDB: JVNDB-2021-004890 // CNVD: CNVD-2021-22454 // VULMON: CVE-2021-1373

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-22454

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1b

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.2t

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.2.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.2.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.1.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1t

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.1.2

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.1.1s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.4a

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.3.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.1.1t

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.10.1e

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.4

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.11.1c

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.2.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.3s

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 16.12.2s

Trust: 1.0

vendor: Cisco Systems, model: cisco ios xe, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco ios xe, scope: -, version: -

Trust: 0.8

vendor: cisco, model: catalyst, scope: eq, version: 9000

Trust: 0.6

sources: CNVD: CNVD-2021-22454 // JVNDB: JVNDB-2021-004890 // NVD: CVE-2021-1373

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-1373
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1373
value: HIGH

Trust: 1.0

NVD: CVE-2021-1373
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-22454
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202103-1445
value: HIGH

Trust: 0.6

VULMON: CVE-2021-1373
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-1373
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-22454
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2021-1373
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 2.0

NVD: CVE-2021-1373
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-22454 // VULMON: CVE-2021-1373 // JVNDB: JVNDB-2021-004890 // CNNVD: CNNVD-202103-1445 // NVD: CVE-2021-1373 // NVD: CVE-2021-1373

PROBLEMTYPE DATA

problemtype: CWE-126

Trust: 1.0

problemtype: Buffer over-read (CWE-126) [Other]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004890 // NVD: CVE-2021-1373

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1445

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-1445

PATCH

title: cisco-sa-ewlc-capwap-dos-2OA3JgKS, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-dos-2OA3JgKS

Trust: 0.8

title: Patch for Cisco Catalyst 9000 Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/254866

Trust: 0.6

title: Cisco Catalyst 9000 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145085

Trust: 0.6

title: Cisco: Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ewlc-capwap-dos-2OA3JgKS

Trust: 0.1

sources: CNVD: CNVD-2021-22454 // VULMON: CVE-2021-1373 // JVNDB: JVNDB-2021-004890 // CNNVD: CNNVD-202103-1445

EXTERNAL IDS

db: NVD, id: CVE-2021-1373

Trust: 3.1

db: JVNDB, id: JVNDB-2021-004890

Trust: 0.8

db: CNVD, id: CNVD-2021-22454

Trust: 0.6

db: CNNVD, id: CNNVD-202103-1445

Trust: 0.6

db: VULMON, id: CVE-2021-1373

Trust: 0.1

sources: CNVD: CNVD-2021-22454 // VULMON: CVE-2021-1373 // JVNDB: JVNDB-2021-004890 // CNNVD: CNNVD-202103-1445 // NVD: CVE-2021-1373

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-1373

Trust: 2.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ewlc-capwap-dos-2oa3jgks

Trust: 1.7

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/126.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/198742

Trust: 0.1

sources: CNVD: CNVD-2021-22454 // VULMON: CVE-2021-1373 // JVNDB: JVNDB-2021-004890 // CNNVD: CNNVD-202103-1445 // NVD: CVE-2021-1373

SOURCES

db: CNVD, id: CNVD-2021-22454
db: VULMON, id: CVE-2021-1373
db: JVNDB, id: JVNDB-2021-004890
db: CNNVD, id: CNNVD-202103-1445
db: NVD, id: CVE-2021-1373

LAST UPDATE DATE

2024-08-14T15:11:58.816000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-22454, date: 2021-03-26T00:00:00
db: VULMON, id: CVE-2021-1373, date: 2021-03-30T00:00:00
db: JVNDB, id: JVNDB-2021-004890, date: 2021-12-01T09:06:00
db: CNNVD, id: CNNVD-202103-1445, date: 2021-03-31T00:00:00
db: NVD, id: CVE-2021-1373, date: 2023-11-07T03:28:07.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-22454, date: 2021-03-26T00:00:00
db: VULMON, id: CVE-2021-1373, date: 2021-03-24T00:00:00
db: JVNDB, id: JVNDB-2021-004890, date: 2021-12-01T00:00:00
db: CNNVD, id: CNNVD-202103-1445, date: 2021-03-24T00:00:00
db: NVD, id: CVE-2021-1373, date: 2021-03-24T21:15:11.960