Details of VAR-202103-0533

ID

VAR-202103-0533

CVE

CVE-2021-1433

TITLE

Cisco IOS XE SD-WAN Buffer Error Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004766

DESCRIPTION

A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. The attacker must have a man-in-the-middle position between Cisco vManage and an associated device that is running an affected version of Cisco IOS XE SD-WAN Software. An exploit could allow the attacker to conduct a controllable buffer overflow attack (and possibly execute arbitrary commands as the root user) or cause a device reload, resulting in a denial of service (DoS) condition

Trust: 1.8

sources: NVD: CVE-2021-1433 // JVNDB: JVNDB-2021-004766 // VULHUB: VHN-374487 // VULMON: CVE-2021-1433

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1z	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1y	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1za	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.2xbs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1w	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1v	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1x	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.1xbs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1r	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2s	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004766 // NVD: CVE-2021-1433

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1433
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1433
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1433
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202103-1399
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374487
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-1433
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1433
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374487
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1433
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1433
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374487 // VULMON: CVE-2021-1433 // JVNDB: JVNDB-2021-004766 // CNNVD: CNNVD-202103-1399 // NVD: CVE-2021-1433 // NVD: CVE-2021-1433

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.1
problemtype:	Buffer error (CWE-119) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374487 // JVNDB: JVNDB-2021-004766 // NVD: CVE-2021-1433

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1399

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202103-1399

PATCH

title:	cisco-sa-iosxe-buffover-CqdRWLc	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-buffover-CqdRWLc	Trust: 0.8
title:	Cisco IOS XE Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145702	Trust: 0.6
title:	Cisco: Cisco IOS XE SD-WAN Software vDaemon Buffer Overflow Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iosxe-buffover-CqdRWLc	Trust: 0.1

sources: VULMON: CVE-2021-1433 // JVNDB: JVNDB-2021-004766 // CNNVD: CNNVD-202103-1399

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1433	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-004766	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-1399	Trust: 0.6
db:	VULHUB	id:	VHN-374487	Trust: 0.1
db:	VULMON	id:	CVE-2021-1433	Trust: 0.1

sources: VULHUB: VHN-374487 // VULMON: CVE-2021-1433 // JVNDB: JVNDB-2021-004766 // CNNVD: CNNVD-202103-1399 // NVD: CVE-2021-1433

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxe-buffover-cqdrwlc	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1433	Trust: 1.4
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374487 // VULMON: CVE-2021-1433 // JVNDB: JVNDB-2021-004766 // CNNVD: CNNVD-202103-1399 // NVD: CVE-2021-1433

SOURCES

db:	VULHUB	id:	VHN-374487
db:	VULMON	id:	CVE-2021-1433
db:	JVNDB	id:	JVNDB-2021-004766
db:	CNNVD	id:	CNNVD-202103-1399
db:	NVD	id:	CVE-2021-1433

LAST UPDATE DATE

2024-08-14T13:54:08.347000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374487	date:	2021-03-29T00:00:00
db:	VULMON	id:	CVE-2021-1433	date:	2021-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-004766	date:	2021-11-29T09:16:00
db:	CNNVD	id:	CNNVD-202103-1399	date:	2021-03-30T00:00:00
db:	NVD	id:	CVE-2021-1433	date:	2023-11-07T03:28:18.150

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374487	date:	2021-03-24T00:00:00
db:	VULMON	id:	CVE-2021-1433	date:	2021-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-004766	date:	2021-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202103-1399	date:	2021-03-24T00:00:00
db:	NVD	id:	CVE-2021-1433	date:	2021-03-24T20:15:14.603