Details of VAR-202103-0538

ID

VAR-202103-0538

CVE

CVE-2021-1394

TITLE

Cisco IOS XE Resource management vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2021-004771

DESCRIPTION

A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device. This vulnerability is due to incorrect processing of certain IPv4 TCP traffic that is destined to an affected device. An attacker could exploit this vulnerability by sending a large number of crafted TCP packets to the affected device. A successful exploit could allow the attacker to cause the web management interface to become unavailable, resulting in a DoS condition. Note: This vulnerability does not impact traffic that is going through the device or going to the Management Ethernet interface of the device. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity

Trust: 1.8

sources: NVD: CVE-2021-1394 // JVNDB: JVNDB-2021-004771 // VULHUB: VHN-374448 // VULMON: CVE-2021-1394

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1v	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1g	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1f	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004771 // NVD: CVE-2021-1394

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1394
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1394
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1394
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202103-1416
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374448
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1394
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1394
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374448
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1394
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1394
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374448 // VULMON: CVE-2021-1394 // JVNDB: JVNDB-2021-004771 // CNNVD: CNNVD-202103-1416 // NVD: CVE-2021-1394 // NVD: CVE-2021-1394

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Resource management issues (CWE-399) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004771 // NVD: CVE-2021-1394

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1416

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202103-1416

PATCH

title:	cisco-sa-ncs520-tcp-ZpzzOxB	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs520-tcp-ZpzzOxB	Trust: 0.8
title:	Cisco IOS XE Software Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145716	Trust: 0.6
title:	Cisco: Cisco IOS XE Software for Network Convergence System 520 Routers Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ncs520-tcp-ZpzzOxB	Trust: 0.1

sources: VULMON: CVE-2021-1394 // JVNDB: JVNDB-2021-004771 // CNNVD: CNNVD-202103-1416

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1394	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-004771	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-1416	Trust: 0.7
db:	VULHUB	id:	VHN-374448	Trust: 0.1
db:	VULMON	id:	CVE-2021-1394	Trust: 0.1

sources: VULHUB: VHN-374448 // VULMON: CVE-2021-1394 // JVNDB: JVNDB-2021-004771 // CNNVD: CNNVD-202103-1416 // NVD: CVE-2021-1394

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ncs520-tcp-zpzzoxb	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1394	Trust: 1.4
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374448 // VULMON: CVE-2021-1394 // JVNDB: JVNDB-2021-004771 // CNNVD: CNNVD-202103-1416 // NVD: CVE-2021-1394

SOURCES

db:	VULHUB	id:	VHN-374448
db:	VULMON	id:	CVE-2021-1394
db:	JVNDB	id:	JVNDB-2021-004771
db:	CNNVD	id:	CNNVD-202103-1416
db:	NVD	id:	CVE-2021-1394

LAST UPDATE DATE

2024-08-14T14:56:00.027000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374448	date:	2022-04-25T00:00:00
db:	VULMON	id:	CVE-2021-1394	date:	2022-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-004771	date:	2021-11-29T09:16:00
db:	CNNVD	id:	CNNVD-202103-1416	date:	2022-04-26T00:00:00
db:	NVD	id:	CVE-2021-1394	date:	2023-11-07T03:28:11.960

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374448	date:	2021-03-24T00:00:00
db:	VULMON	id:	CVE-2021-1394	date:	2021-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-004771	date:	2021-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202103-1416	date:	2021-03-24T00:00:00
db:	NVD	id:	CVE-2021-1394	date:	2021-03-24T20:15:14.133