ID

VAR-202103-0765


CVE

CVE-2021-1460


TITLE

plural  Cisco  Resource depletion vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-004971

DESCRIPTION

A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition. plural Cisco The product contains a resource depletion vulnerability.Denial of service (DoS) It may be put into a state. Cisco Iox is a secure development environment of the US Cisco (Cisco) that combines Cisco IOS and Linux OS for secure network connection and development of IOT applications

Trust: 2.25

sources: NVD: CVE-2021-1460 // JVNDB: JVNDB-2021-004971 // CNVD: CNVD-2021-24462 // VULMON: CVE-2021-1460

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-24462

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:ltversion:15.9\(3\)m3

Trust: 1.0

vendor:ciscomodel:cgr1000scope:ltversion:1.12.0.3

Trust: 1.0

vendor:ciscomodel:ic3000 industrial compute gatewayscope:ltversion:1.3.2

Trust: 1.0

vendor:シスコシステムズmodel:cisco iosscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ic3000 industrial compute gatewayscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco cgr 1000scope: - version: -

Trust: 0.8

vendor:ciscomodel:industrial integrated services routersscope:eqversion:809

Trust: 0.6

vendor:ciscomodel:industrial integrated services routersscope:eqversion:829

Trust: 0.6

vendor:ciscomodel:cgr1000scope: - version: -

Trust: 0.6

vendor:ciscomodel:ic3000 industrial compute gatewayscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-24462 // JVNDB: JVNDB-2021-004971 // NVD: CVE-2021-1460

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1460
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1460
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1460
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-24462
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202103-1386
value: HIGH

Trust: 0.6

VULMON: CVE-2021-1460
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1460
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-24462
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-1460
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1460
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-1460
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-24462 // VULMON: CVE-2021-1460 // JVNDB: JVNDB-2021-004971 // CNNVD: CNNVD-202103-1386 // NVD: CVE-2021-1460 // NVD: CVE-2021-1460

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.0

problemtype:Resource exhaustion (CWE-400) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004971 // NVD: CVE-2021-1460

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-1386

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202103-1386

PATCH

title:cisco-sa-iox-dos-4Fgcjh6url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-dos-4Fgcjh6

Trust: 0.8

title:Patch for Cisco IOx Application Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/255721

Trust: 0.6

title:Repair measures for resource management errors and vulnerabilities in multiple productsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146027

Trust: 0.6

title:Cisco: Cisco IOx Application Framework Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iox-dos-4Fgcjh6

Trust: 0.1

sources: CNVD: CNVD-2021-24462 // VULMON: CVE-2021-1460 // JVNDB: JVNDB-2021-004971 // CNNVD: CNNVD-202103-1386

EXTERNAL IDS

db:NVDid:CVE-2021-1460

Trust: 3.1

db:JVNDBid:JVNDB-2021-004971

Trust: 0.8

db:CNVDid:CNVD-2021-24462

Trust: 0.6

db:CNNVDid:CNNVD-202103-1386

Trust: 0.6

db:VULMONid:CVE-2021-1460

Trust: 0.1

sources: CNVD: CNVD-2021-24462 // VULMON: CVE-2021-1460 // JVNDB: JVNDB-2021-004971 // CNNVD: CNNVD-202103-1386 // NVD: CVE-2021-1460

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-1460

Trust: 2.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iox-dos-4fgcjh6

Trust: 1.8

url:https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/198722

Trust: 0.1

sources: CNVD: CNVD-2021-24462 // VULMON: CVE-2021-1460 // JVNDB: JVNDB-2021-004971 // CNNVD: CNNVD-202103-1386 // NVD: CVE-2021-1460

SOURCES

db:CNVDid:CNVD-2021-24462
db:VULMONid:CVE-2021-1460
db:JVNDBid:JVNDB-2021-004971
db:CNNVDid:CNNVD-202103-1386
db:NVDid:CVE-2021-1460

LAST UPDATE DATE

2024-11-23T22:40:46.077000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-24462date:2021-04-02T00:00:00
db:VULMONid:CVE-2021-1460date:2021-03-31T00:00:00
db:JVNDBid:JVNDB-2021-004971date:2021-12-02T09:13:00
db:CNNVDid:CNNVD-202103-1386date:2021-04-21T00:00:00
db:NVDid:CVE-2021-1460date:2024-11-21T05:44:24.730

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-24462date:2021-04-02T00:00:00
db:VULMONid:CVE-2021-1460date:2021-03-24T00:00:00
db:JVNDBid:JVNDB-2021-004971date:2021-12-02T00:00:00
db:CNNVDid:CNNVD-202103-1386date:2021-03-24T00:00:00
db:NVDid:CVE-2021-1460date:2021-03-24T20:15:15.777