ID

VAR-202103-0533


CVE

CVE-2021-1433


TITLE

Cisco IOS XE SD-WAN  Buffer Error Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004766

DESCRIPTION

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. The attacker must have a man-in-the-middle position between Cisco vManage and an associated device that is running an affected version of Cisco IOS XE SD-WAN Software. An exploit could allow the attacker to conduct a controllable buffer overflow attack (and possibly execute arbitrary commands as the root user) or cause a device reload, resulting in a denial of service (DoS) condition

Trust: 1.8

sources: NVD: CVE-2021-1433 // JVNDB: JVNDB-2021-004766 // VULHUB: VHN-374487 // VULMON: CVE-2021-1433

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:16.12.1z

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1y

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1za

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.15.2xbs

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1w

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1v

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1x

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.15.1xbs

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1r

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2s

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ios xescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004766 // NVD: CVE-2021-1433

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1433
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1433
value: HIGH

Trust: 1.0

NVD: CVE-2021-1433
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202103-1399
value: HIGH

Trust: 0.6

VULHUB: VHN-374487
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1433
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1433
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374487
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1433
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-1433
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374487 // VULMON: CVE-2021-1433 // JVNDB: JVNDB-2021-004766 // CNNVD: CNNVD-202103-1399 // NVD: CVE-2021-1433 // NVD: CVE-2021-1433

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

problemtype:Buffer error (CWE-119) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374487 // JVNDB: JVNDB-2021-004766 // NVD: CVE-2021-1433

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1399

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202103-1399

PATCH

title:cisco-sa-iosxe-buffover-CqdRWLcurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-buffover-CqdRWLc

Trust: 0.8

title:Cisco IOS XE Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145702

Trust: 0.6

title:Cisco: Cisco IOS XE SD-WAN Software vDaemon Buffer Overflow Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iosxe-buffover-CqdRWLc

Trust: 0.1

sources: VULMON: CVE-2021-1433 // JVNDB: JVNDB-2021-004766 // CNNVD: CNNVD-202103-1399

EXTERNAL IDS

db:NVDid:CVE-2021-1433

Trust: 2.6

db:JVNDBid:JVNDB-2021-004766

Trust: 0.8

db:CNNVDid:CNNVD-202103-1399

Trust: 0.6

db:VULHUBid:VHN-374487

Trust: 0.1

db:VULMONid:CVE-2021-1433

Trust: 0.1

sources: VULHUB: VHN-374487 // VULMON: CVE-2021-1433 // JVNDB: JVNDB-2021-004766 // CNNVD: CNNVD-202103-1399 // NVD: CVE-2021-1433

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxe-buffover-cqdrwlc

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1433

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374487 // VULMON: CVE-2021-1433 // JVNDB: JVNDB-2021-004766 // CNNVD: CNNVD-202103-1399 // NVD: CVE-2021-1433

SOURCES

db:VULHUBid:VHN-374487
db:VULMONid:CVE-2021-1433
db:JVNDBid:JVNDB-2021-004766
db:CNNVDid:CNNVD-202103-1399
db:NVDid:CVE-2021-1433

LAST UPDATE DATE

2024-08-14T13:54:08.347000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374487date:2021-03-29T00:00:00
db:VULMONid:CVE-2021-1433date:2021-03-29T00:00:00
db:JVNDBid:JVNDB-2021-004766date:2021-11-29T09:16:00
db:CNNVDid:CNNVD-202103-1399date:2021-03-30T00:00:00
db:NVDid:CVE-2021-1433date:2023-11-07T03:28:18.150

SOURCES RELEASE DATE

db:VULHUBid:VHN-374487date:2021-03-24T00:00:00
db:VULMONid:CVE-2021-1433date:2021-03-24T00:00:00
db:JVNDBid:JVNDB-2021-004766date:2021-11-29T00:00:00
db:CNNVDid:CNNVD-202103-1399date:2021-03-24T00:00:00
db:NVDid:CVE-2021-1433date:2021-03-24T20:15:14.603