Details of VAR-202104-0380

ID

VAR-202104-0380

CVE

CVE-2021-1308

TITLE

Cisco Small Business RV Buffer error vulnerability in series routers

Trust: 0.8

sources: JVNDB: JVNDB-2021-005371

DESCRIPTION

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)

Trust: 2.25

sources: NVD: CVE-2021-1308 // JVNDB: JVNDB-2021-005371 // CNVD: CNVD-2021-35514 // VULMON: CVE-2021-1308

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-35514

AFFECTED PRODUCTS

vendor:	cisco	model:	rv132w	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv132w	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv134w	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv260	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv260p	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv260p	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv340w	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv160	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv160	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv132w	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv260p	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv160w	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv345p	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv345p	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv160	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv260w	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv260w	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv340	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv340	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv345p	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv134w	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv134w	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv345	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv260w	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv345	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv340w	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv260	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv260	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv340w	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv340	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv345	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv160w	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv160w	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	シスコシステムズ	model:	rv160 vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv260 vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco rv132w adsl2+ wireless-n vpn ルータ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv260p vpn router with poe	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco rv134w vdsl2 wireless-ac vpn ルータ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv340 dual wan gigabit vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv345 dual wan gigabit vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv260w wireless-ac vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv160w wireless-ac vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	link layer discovery protocol	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-35514 // JVNDB: JVNDB-2021-005371 // NVD: CVE-2021-1308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1308
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1308
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1308
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-35514
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-434
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-1308
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1308
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-35514
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-1308
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1308
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-35514 // VULMON: CVE-2021-1308 // JVNDB: JVNDB-2021-005371 // CNNVD: CNNVD-202104-434 // NVD: CVE-2021-1308 // NVD: CVE-2021-1308

PROBLEMTYPE DATA

problemtype:	CWE-401	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-005371 // NVD: CVE-2021-1308

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202104-434

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202104-434

PATCH

title:	cisco-sa-rv-multi-lldp-u7e4chCe	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe	Trust: 0.8
title:	Patch for Cisco Link Layer Discovery Protocol buffer overflow vulnerability (CNVD-2021-35514)	url:	https://www.cnvd.org.cn/patchInfo/show/265676	Trust: 0.6
title:	Cisco Link Layer Discovery Protocol Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147016	Trust: 0.6
title:	Cisco: Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-multi-lldp-u7e4chCe	Trust: 0.1

sources: CNVD: CNVD-2021-35514 // VULMON: CVE-2021-1308 // JVNDB: JVNDB-2021-005371 // CNNVD: CNNVD-202104-434

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1308	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-005371	Trust: 0.8
db:	CNVD	id:	CNVD-2021-35514	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1171.3	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-434	Trust: 0.6
db:	VULMON	id:	CVE-2021-1308	Trust: 0.1

sources: CNVD: CNVD-2021-35514 // VULMON: CVE-2021-1308 // JVNDB: JVNDB-2021-005371 // CNNVD: CNNVD-202104-434 // NVD: CVE-2021-1308

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-multi-lldp-u7e4chce	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1308	Trust: 2.0
url:	https://www.auscert.org.au/bulletins/esb-2021.1171.3	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-35514 // VULMON: CVE-2021-1308 // JVNDB: JVNDB-2021-005371 // CNNVD: CNNVD-202104-434 // NVD: CVE-2021-1308

SOURCES

db:	CNVD	id:	CNVD-2021-35514
db:	VULMON	id:	CVE-2021-1308
db:	JVNDB	id:	JVNDB-2021-005371
db:	CNNVD	id:	CNNVD-202104-434
db:	NVD	id:	CVE-2021-1308

LAST UPDATE DATE

2024-08-14T13:43:34.933000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-35514	date:	2021-05-19T00:00:00
db:	VULMON	id:	CVE-2021-1308	date:	2021-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2021-005371	date:	2021-12-13T09:08:00
db:	CNNVD	id:	CNNVD-202104-434	date:	2022-08-08T00:00:00
db:	NVD	id:	CVE-2021-1308	date:	2023-11-07T03:27:55.717

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-35514	date:	2021-05-19T00:00:00
db:	VULMON	id:	CVE-2021-1308	date:	2021-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-005371	date:	2021-12-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-434	date:	2021-04-07T00:00:00
db:	NVD	id:	CVE-2021-1308	date:	2021-04-08T04:15:11.983