ID

VAR-202104-0377


CVE

CVE-2021-1251


TITLE

Cisco Small Business RV  Series router   Buffer Error Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-005330

DESCRIPTION

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)

Trust: 2.25

sources: NVD: CVE-2021-1251 // JVNDB: JVNDB-2021-005330 // CNVD: CNVD-2021-26111 // VULMON: CVE-2021-1251

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-26111

AFFECTED PRODUCTS

vendor:ciscomodel:rv132wscope:eqversion:1.0.1.14

Trust: 1.0

vendor:ciscomodel:rv260pscope:eqversion:1.0.1.14

Trust: 1.0

vendor:ciscomodel:rv260wscope:eqversion:1.0.3.20

Trust: 1.0

vendor:ciscomodel:rv160scope:eqversion:1.0.1.14

Trust: 1.0

vendor:ciscomodel:rv340scope:eqversion:1.0.3.20

Trust: 1.0

vendor:ciscomodel:rv345scope:eqversion:1.0.3.20

Trust: 1.0

vendor:ciscomodel:rv134wscope:eqversion:1.0.3.20

Trust: 1.0

vendor:ciscomodel:rv345pscope:eqversion:1.0.1.14

Trust: 1.0

vendor:ciscomodel:rv340wscope:eqversion:1.0.3.20

Trust: 1.0

vendor:ciscomodel:rv260scope:eqversion:1.0.3.20

Trust: 1.0

vendor:ciscomodel:rv260wscope:eqversion:1.0.1.14

Trust: 1.0

vendor:ciscomodel:rv132wscope:eqversion:1.0.3.20

Trust: 1.0

vendor:ciscomodel:rv340scope:eqversion:1.0.1.14

Trust: 1.0

vendor:ciscomodel:rv160wscope:eqversion:1.0.3.20

Trust: 1.0

vendor:ciscomodel:rv260pscope:eqversion:1.0.3.20

Trust: 1.0

vendor:ciscomodel:rv134wscope:eqversion:1.0.1.14

Trust: 1.0

vendor:ciscomodel:rv160scope:eqversion:1.0.3.20

Trust: 1.0

vendor:ciscomodel:rv345scope:eqversion:1.0.1.14

Trust: 1.0

vendor:ciscomodel:rv340wscope:eqversion:1.0.1.14

Trust: 1.0

vendor:ciscomodel:rv260scope:eqversion:1.0.1.14

Trust: 1.0

vendor:ciscomodel:rv345pscope:eqversion:1.0.3.20

Trust: 1.0

vendor:ciscomodel:rv160wscope:eqversion:1.0.1.14

Trust: 1.0

vendor:シスコシステムズmodel:rv345 dual wan gigabit vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv160 vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv260p vpn router with poescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv260w wireless-ac vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv260 vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco rv134w vdsl2 wireless-ac vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv340 dual wan gigabit vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv160w wireless-ac vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco rv132w adsl2+ wireless-n vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345p dual wan gigabit poe vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv340w dual wan gigabit wireless-ac vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:link layer discovery protocolscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-26111 // JVNDB: JVNDB-2021-005330 // NVD: CVE-2021-1251

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1251
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1251
value: HIGH

Trust: 1.0

NVD: CVE-2021-1251
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-26111
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-435
value: HIGH

Trust: 0.6

VULMON: CVE-2021-1251
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1251
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-26111
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-1251
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 2.0

NVD: CVE-2021-1251
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-26111 // VULMON: CVE-2021-1251 // JVNDB: JVNDB-2021-005330 // CNNVD: CNNVD-202104-435 // NVD: CVE-2021-1251 // NVD: CVE-2021-1251

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-005330 // NVD: CVE-2021-1251

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202104-435

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202104-435

PATCH

title:cisco-sa-rv-multi-lldp-u7e4chCeurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe

Trust: 0.8

title:Patch for Cisco Link Layer Discovery Protocol Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/257011

Trust: 0.6

title:Cisco Link Layer Discovery Protocol Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147017

Trust: 0.6

title:Cisco: Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-multi-lldp-u7e4chCe

Trust: 0.1

sources: CNVD: CNVD-2021-26111 // VULMON: CVE-2021-1251 // JVNDB: JVNDB-2021-005330 // CNNVD: CNNVD-202104-435

EXTERNAL IDS

db:NVDid:CVE-2021-1251

Trust: 3.9

db:JVNDBid:JVNDB-2021-005330

Trust: 0.8

db:CNVDid:CNVD-2021-26111

Trust: 0.6

db:AUSCERTid:ESB-2021.1171.3

Trust: 0.6

db:CNNVDid:CNNVD-202104-435

Trust: 0.6

db:VULMONid:CVE-2021-1251

Trust: 0.1

sources: CNVD: CNVD-2021-26111 // VULMON: CVE-2021-1251 // JVNDB: JVNDB-2021-005330 // CNNVD: CNNVD-202104-435 // NVD: CVE-2021-1251

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-multi-lldp-u7e4chce

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1251

Trust: 2.0

url:https://www.auscert.org.au/bulletins/esb-2021.1171.3

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-26111 // VULMON: CVE-2021-1251 // JVNDB: JVNDB-2021-005330 // CNNVD: CNNVD-202104-435 // NVD: CVE-2021-1251

SOURCES

db:CNVDid:CNVD-2021-26111
db:VULMONid:CVE-2021-1251
db:JVNDBid:JVNDB-2021-005330
db:CNNVDid:CNNVD-202104-435
db:NVDid:CVE-2021-1251

LAST UPDATE DATE

2024-08-14T13:43:34.965000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-26111date:2021-04-09T00:00:00
db:VULMONid:CVE-2021-1251date:2021-04-14T00:00:00
db:JVNDBid:JVNDB-2021-005330date:2021-12-13T02:45:00
db:CNNVDid:CNNVD-202104-435date:2022-08-08T00:00:00
db:NVDid:CVE-2021-1251date:2023-11-07T03:27:48.083

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-26111date:2021-04-09T00:00:00
db:VULMONid:CVE-2021-1251date:2021-04-08T00:00:00
db:JVNDBid:JVNDB-2021-005330date:2021-12-13T00:00:00
db:CNNVDid:CNNVD-202104-435date:2021-04-07T00:00:00
db:NVDid:CVE-2021-1251date:2021-04-08T04:15:11.860