Details of VAR-202103-0765

ID

VAR-202103-0765

CVE

CVE-2021-1460

TITLE

plural Cisco Resource depletion vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-004971

DESCRIPTION

A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition. plural Cisco The product contains a resource depletion vulnerability.Denial of service (DoS) It may be put into a state. Cisco Iox is a secure development environment of the US Cisco (Cisco) that combines Cisco IOS and Linux OS for secure network connection and development of IOT applications

Trust: 2.25

sources: NVD: CVE-2021-1460 // JVNDB: JVNDB-2021-004971 // CNVD: CNVD-2021-24462 // VULMON: CVE-2021-1460

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-24462

AFFECTED PRODUCTS

vendor:	cisco	model:	ic3000 industrial compute gateway	scope:	lt	version:	1.3.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	lt	version:	15.9\(3\)m3	Trust: 1.0
vendor:	cisco	model:	cgr1000	scope:	lt	version:	1.12.0.3	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ic3000 industrial compute gateway	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco cgr 1000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	industrial integrated services routers	scope:	eq	version:	809	Trust: 0.6
vendor:	cisco	model:	industrial integrated services routers	scope:	eq	version:	829	Trust: 0.6
vendor:	cisco	model:	cgr1000	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ic3000 industrial compute gateway	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-24462 // JVNDB: JVNDB-2021-004971 // NVD: CVE-2021-1460

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1460
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1460
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1460
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-24462
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202103-1386
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-1460
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1460
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-24462
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-1460
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1460
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1460
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-24462 // VULMON: CVE-2021-1460 // JVNDB: JVNDB-2021-004971 // CNNVD: CNNVD-202103-1386 // NVD: CVE-2021-1460 // NVD: CVE-2021-1460

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.0
problemtype:	Resource exhaustion (CWE-400) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004971 // NVD: CVE-2021-1460

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1386

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202103-1386

PATCH

title:	cisco-sa-iox-dos-4Fgcjh6	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-dos-4Fgcjh6	Trust: 0.8
title:	Patch for Cisco IOx Application Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/255721	Trust: 0.6
title:	Repair measures for resource management errors and vulnerabilities in multiple products	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146027	Trust: 0.6
title:	Cisco: Cisco IOx Application Framework Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iox-dos-4Fgcjh6	Trust: 0.1

sources: CNVD: CNVD-2021-24462 // VULMON: CVE-2021-1460 // JVNDB: JVNDB-2021-004971 // CNNVD: CNNVD-202103-1386

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1460	Trust: 3.1
db:	JVNDB	id:	JVNDB-2021-004971	Trust: 0.8
db:	CNVD	id:	CNVD-2021-24462	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-1386	Trust: 0.6
db:	VULMON	id:	CVE-2021-1460	Trust: 0.1

sources: CNVD: CNVD-2021-24462 // VULMON: CVE-2021-1460 // JVNDB: JVNDB-2021-004971 // CNNVD: CNNVD-202103-1386 // NVD: CVE-2021-1460

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-1460	Trust: 2.0
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iox-dos-4fgcjh6	Trust: 1.8
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/198722	Trust: 0.1

sources: CNVD: CNVD-2021-24462 // VULMON: CVE-2021-1460 // JVNDB: JVNDB-2021-004971 // CNNVD: CNNVD-202103-1386 // NVD: CVE-2021-1460

SOURCES

db:	CNVD	id:	CNVD-2021-24462
db:	VULMON	id:	CVE-2021-1460
db:	JVNDB	id:	JVNDB-2021-004971
db:	CNNVD	id:	CNNVD-202103-1386
db:	NVD	id:	CVE-2021-1460

LAST UPDATE DATE

2024-08-14T14:50:22.052000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-24462	date:	2021-04-02T00:00:00
db:	VULMON	id:	CVE-2021-1460	date:	2021-03-31T00:00:00
db:	JVNDB	id:	JVNDB-2021-004971	date:	2021-12-02T09:13:00
db:	CNNVD	id:	CNNVD-202103-1386	date:	2021-04-21T00:00:00
db:	NVD	id:	CVE-2021-1460	date:	2023-11-07T03:28:22.057

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-24462	date:	2021-04-02T00:00:00
db:	VULMON	id:	CVE-2021-1460	date:	2021-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-004971	date:	2021-12-02T00:00:00
db:	CNNVD	id:	CNNVD-202103-1386	date:	2021-03-24T00:00:00
db:	NVD	id:	CVE-2021-1460	date:	2021-03-24T20:15:15.777