Sign-up

ID

VAR-202104-0294


CVE

CVE-2021-1137


TITLE

Cisco SD-WAN vManage  Buffer error vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2021-005329

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Cisco SD-WAN vManage The software contains a buffer error vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco

Trust: 1.8

sources: NVD: CVE-2021-1137 // JVNDB: JVNDB-2021-005329 // VULHUB: VHN-374191 // VULMON: CVE-2021-1137

AFFECTED PRODUCTS

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.4.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:sd-wan vmanagescope:ltversion:20.3.3

Trust: 1.0

vendor:ciscomodel:sd-wan vmanagescope:gteversion:19.3

Trust: 1.0

vendor:ciscomodel:sd-wan vmanagescope:ltversion:19.2.4

Trust: 1.0

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-005329 // NVD: CVE-2021-1137

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1137
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1137
value: HIGH

Trust: 1.0

NVD: CVE-2021-1137
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-455
value: HIGH

Trust: 0.6

VULHUB: VHN-374191
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1137
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1137
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374191
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1137
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-1137
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374191 // VULMON: CVE-2021-1137 // JVNDB: JVNDB-2021-005329 // CNNVD: CNNVD-202104-455 // NVD: CVE-2021-1137 // NVD: CVE-2021-1137

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374191 // JVNDB: JVNDB-2021-005329 // NVD: CVE-2021-1137

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-455

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202104-455

PATCH

title:cisco-sa-vmanage-YuTVWqyurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy

Trust: 0.8

title:Cisco SD-WAN vManage Software Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147036

Trust: 0.6

title:Cisco: Cisco SD-WAN vManage Software Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vmanage-YuTVWqy

Trust: 0.1

title:Threatposturl:https://threatpost.com/zero-day-bug-soho-routers/165321/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/cisco-fixes-bug-allowing-remote-code-execution-with-root-privileges/

Trust: 0.1

sources: VULMON: CVE-2021-1137 // JVNDB: JVNDB-2021-005329 // CNNVD: CNNVD-202104-455

EXTERNAL IDS

db:NVDid:CVE-2021-1137

Trust: 3.4

db:JVNDBid:JVNDB-2021-005329

Trust: 0.8

db:CNNVDid:CNNVD-202104-455

Trust: 0.7

db:AUSCERTid:ESB-2021.1163

Trust: 0.6

db:VULHUBid:VHN-374191

Trust: 0.1

db:VULMONid:CVE-2021-1137

Trust: 0.1

sources: VULHUB: VHN-374191 // VULMON: CVE-2021-1137 // JVNDB: JVNDB-2021-005329 // CNNVD: CNNVD-202104-455 // NVD: CVE-2021-1137

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmanage-yutvwqy

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1137

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.1163

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/zero-day-bug-soho-routers/165321/

Trust: 0.1

sources: VULHUB: VHN-374191 // VULMON: CVE-2021-1137 // JVNDB: JVNDB-2021-005329 // CNNVD: CNNVD-202104-455 // NVD: CVE-2021-1137

SOURCES

db:VULHUBid:VHN-374191
db:VULMONid:CVE-2021-1137
db:JVNDBid:JVNDB-2021-005329
db:CNNVDid:CNNVD-202104-455
db:NVDid:CVE-2021-1137

LAST UPDATE DATE

2024-08-14T15:17:17.251000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374191date:2022-08-05T00:00:00
db:VULMONid:CVE-2021-1137date:2021-04-14T00:00:00
db:JVNDBid:JVNDB-2021-005329date:2021-12-13T02:45:00
db:CNNVDid:CNNVD-202104-455date:2022-08-08T00:00:00
db:NVDid:CVE-2021-1137date:2023-11-07T03:27:28.800

SOURCES RELEASE DATE

db:VULHUBid:VHN-374191date:2021-04-08T00:00:00
db:VULMONid:CVE-2021-1137date:2021-04-08T00:00:00
db:JVNDBid:JVNDB-2021-005329date:2021-12-13T00:00:00
db:CNNVDid:CNNVD-202104-455date:2021-04-07T00:00:00
db:NVDid:CVE-2021-1137date:2021-04-08T04:15:11.717