Sign-up

ID

VAR-202103-0534


CVE

CVE-2021-1403


TITLE

Cisco IOS XE  Vulnerability for inadequate validation of data reliability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-004769

DESCRIPTION

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient HTTP protections in the web UI on an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the web UI to follow a crafted link. A successful exploit could allow the attacker to corrupt memory on the affected device, forcing it to reload and causing a DoS condition. Cisco IOS XE Exists in an inadequate validation of data reliability vulnerabilities.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco IOS XE is an operating system developed by Cisco for its network equipment

Trust: 2.34

sources: NVD: CVE-2021-1403 // JVNDB: JVNDB-2021-004769 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374457 // VULMON: CVE-2021-1403

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:16.3.5

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.4.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1y

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.7a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.5

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.5.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.4a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.4s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.6

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.15.1xbs

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.5.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.5b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.11

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1d

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.5b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.6

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.5.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.5.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.4.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.4.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1f

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.5a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.10

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.5.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1w

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.4c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1w

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1x

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.7

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1v

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.6

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1x

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1r

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.7.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1z

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.2t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.9

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.2s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.5

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1za

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.1d

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.7

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.8

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1s

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3h

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:3.15.2xbs

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.4a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.1.1t

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1e

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.10.1g

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.11.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.8.1d

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.6.8

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.9.5f

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.3.1a

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-004769 // NVD: CVE-2021-1403

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1403
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1403
value: HIGH

Trust: 1.0

NVD: CVE-2021-1403
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202103-1454
value: HIGH

Trust: 0.6

VULHUB: VHN-374457
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1403
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1403
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374457
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1403
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 2.0

NVD: CVE-2021-1403
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374457 // VULMON: CVE-2021-1403 // JVNDB: JVNDB-2021-004769 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1454 // NVD: CVE-2021-1403 // NVD: CVE-2021-1403

PROBLEMTYPE DATA

problemtype:CWE-1021

Trust: 1.0

problemtype:CWE-345

Trust: 1.0

problemtype:Inadequate verification of data reliability (CWE-345) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004769 // NVD: CVE-2021-1403

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1454

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:cisco-sa-iosxe-cswsh-FKk9AzT5url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-cswsh-FKk9AzT5

Trust: 0.8

title:Cisco IOS XE Repair measures for data forgery problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145733

Trust: 0.6

title:Cisco: Cisco IOS XE Software Web UI Cross-Site WebSocket Hijacking Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iosxe-cswsh-FKk9AzT5

Trust: 0.1

sources: VULMON: CVE-2021-1403 // JVNDB: JVNDB-2021-004769 // CNNVD: CNNVD-202103-1454

EXTERNAL IDS

db:NVDid:CVE-2021-1403

Trust: 2.6

db:JVNid:JVNVU99743643

Trust: 0.8

db:JVNDBid:JVNDB-2021-004769

Trust: 0.8

db:CNNVDid:CNNVD-202103-1454

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021042150

Trust: 0.6

db:ICS CERTid:ICSA-21-110-02

Trust: 0.6

db:VULHUBid:VHN-374457

Trust: 0.1

db:VULMONid:CVE-2021-1403

Trust: 0.1

sources: VULHUB: VHN-374457 // VULMON: CVE-2021-1403 // JVNDB: JVNDB-2021-004769 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1454 // NVD: CVE-2021-1403

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxe-cswsh-fkk9azt5

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1403

Trust: 1.4

url:https://jvn.jp/vu/jvnvu99743643/index.html

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-110-02

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042150

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/345.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/198737

Trust: 0.1

sources: VULHUB: VHN-374457 // VULMON: CVE-2021-1403 // JVNDB: JVNDB-2021-004769 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202103-1454 // NVD: CVE-2021-1403

SOURCES

db:VULHUBid:VHN-374457
db:VULMONid:CVE-2021-1403
db:JVNDBid:JVNDB-2021-004769
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202103-1454
db:NVDid:CVE-2021-1403

LAST UPDATE DATE

2024-08-14T13:00:35.849000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374457date:2022-08-05T00:00:00
db:VULMONid:CVE-2021-1403date:2021-03-29T00:00:00
db:JVNDBid:JVNDB-2021-004769date:2021-11-29T09:16:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202103-1454date:2022-08-10T00:00:00
db:NVDid:CVE-2021-1403date:2023-11-07T03:28:13.503

SOURCES RELEASE DATE

db:VULHUBid:VHN-374457date:2021-03-24T00:00:00
db:VULMONid:CVE-2021-1403date:2021-03-24T00:00:00
db:JVNDBid:JVNDB-2021-004769date:2021-11-29T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202103-1454date:2021-03-24T00:00:00
db:NVDid:CVE-2021-1403date:2021-03-24T20:15:14.320