Details of VAR-202103-0763

ID

VAR-202103-0763

CVE

CVE-2021-1453

TITLE

Cisco IOS XE Digital Signature Verification Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-004757

DESCRIPTION

A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. The vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated physical access to the device or obtain privileged access to the root shell on the device. Cisco IOS XE Exists in a digital signature validation vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco Catalyst 9000 is a switchboard of Cisco (Cisco)

Trust: 1.8

sources: NVD: CVE-2021-1453 // JVNDB: JVNDB-2021-004757 // VULHUB: VHN-374507 // VULMON: CVE-2021-1453

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.1xbs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.2xbs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.4a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.8	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3s	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-004757 // NVD: CVE-2021-1453

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1453
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1453
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1453
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202103-1391
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374507
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-1453
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1453
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374507
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1453
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1453
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374507 // VULMON: CVE-2021-1453 // JVNDB: JVNDB-2021-004757 // CNNVD: CNNVD-202103-1391 // NVD: CVE-2021-1453 // NVD: CVE-2021-1453

PROBLEMTYPE DATA

problemtype:	CWE-347	Trust: 1.1
problemtype:	Improper verification of digital signatures (CWE-347) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374507 // JVNDB: JVNDB-2021-004757 // NVD: CVE-2021-1453

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202103-1391

PATCH

title:	cisco-sa-ios-xe-cat-verify-BQ5hrXgH	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-BQ5hrXgH	Trust: 0.8
title:	Cisco Cisco Catalyst 9000 Repair measures for data forgery problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145696	Trust: 0.6
title:	Cisco: Cisco IOS XE Software for the Catalyst 9000 Family Arbitrary Code Execution Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ios-xe-cat-verify-BQ5hrXgH	Trust: 0.1

sources: VULMON: CVE-2021-1453 // JVNDB: JVNDB-2021-004757 // CNNVD: CNNVD-202103-1391

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1453	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-004757	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-1391	Trust: 0.6
db:	VULHUB	id:	VHN-374507	Trust: 0.1
db:	VULMON	id:	CVE-2021-1453	Trust: 0.1

sources: VULHUB: VHN-374507 // VULMON: CVE-2021-1453 // JVNDB: JVNDB-2021-004757 // CNNVD: CNNVD-202103-1391 // NVD: CVE-2021-1453

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ios-xe-cat-verify-bq5hrxgh	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1453	Trust: 1.4
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/347.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/198735	Trust: 0.1

sources: VULHUB: VHN-374507 // VULMON: CVE-2021-1453 // JVNDB: JVNDB-2021-004757 // CNNVD: CNNVD-202103-1391 // NVD: CVE-2021-1453

SOURCES

db:	VULHUB	id:	VHN-374507
db:	VULMON	id:	CVE-2021-1453
db:	JVNDB	id:	JVNDB-2021-004757
db:	CNNVD	id:	CNNVD-202103-1391
db:	NVD	id:	CVE-2021-1453

LAST UPDATE DATE

2024-08-14T15:22:21.833000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374507	date:	2021-03-29T00:00:00
db:	VULMON	id:	CVE-2021-1453	date:	2021-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-004757	date:	2021-11-29T09:16:00
db:	CNNVD	id:	CNNVD-202103-1391	date:	2021-03-30T00:00:00
db:	NVD	id:	CVE-2021-1453	date:	2023-11-07T03:28:20.920

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374507	date:	2021-03-24T00:00:00
db:	VULMON	id:	CVE-2021-1453	date:	2021-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-004757	date:	2021-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202103-1391	date:	2021-03-24T00:00:00
db:	NVD	id:	CVE-2021-1453	date:	2021-03-24T20:15:15.623