ID

VAR-202104-0380


CVE

CVE-2021-1308


TITLE

Buffer error vulnerability in Cisco Small Business RV Series routers

Trust: 0.8

sources: JVNDB: JVNDB-2021-005371

DESCRIPTION

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Trust: 2.25

sources: NVD: CVE-2021-1308 // JVNDB: JVNDB-2021-005371 // CNVD: CNVD-2021-35514 // VULMON: CVE-2021-1308

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-35514

AFFECTED PRODUCTS

vendor: cisco, model: rv132w, scope: eq, version: 1.0.1.20

Trust: 1.0

vendor: cisco, model: rv132w, scope: eq, version: 1.0.1.14

Trust: 1.0

vendor: cisco, model: rv134w, scope: eq, version: 1.0.0.14

Trust: 1.0

vendor: cisco, model: rv260, scope: eq, version: 1.0.0.14

Trust: 1.0

vendor: cisco, model: rv260p, scope: eq, version: 1.0.1.14

Trust: 1.0

vendor: cisco, model: rv260p, scope: eq, version: 1.0.1.20

Trust: 1.0

vendor: cisco, model: rv340w, scope: eq, version: 1.0.0.14

Trust: 1.0

vendor: cisco, model: rv160, scope: eq, version: 1.0.1.20

Trust: 1.0

vendor: cisco, model: rv160, scope: eq, version: 1.0.1.14

Trust: 1.0

vendor: cisco, model: rv132w, scope: eq, version: 1.0.0.14

Trust: 1.0

vendor: cisco, model: rv260p, scope: eq, version: 1.0.0.14

Trust: 1.0

vendor: cisco, model: rv160w, scope: eq, version: 1.0.0.14

Trust: 1.0

vendor: cisco, model: rv345p, scope: eq, version: 1.0.1.20

Trust: 1.0

vendor: cisco, model: rv345p, scope: eq, version: 1.0.1.14

Trust: 1.0

vendor: cisco, model: rv160, scope: eq, version: 1.0.0.14

Trust: 1.0

vendor: cisco, model: rv260w, scope: eq, version: 1.0.1.20

Trust: 1.0

vendor: cisco, model: rv260w, scope: eq, version: 1.0.1.14

Trust: 1.0

vendor: cisco, model: rv340, scope: eq, version: 1.0.1.20

Trust: 1.0

vendor: cisco, model: rv340, scope: eq, version: 1.0.1.14

Trust: 1.0

vendor: cisco, model: rv345p, scope: eq, version: 1.0.0.14

Trust: 1.0

vendor: cisco, model: rv134w, scope: eq, version: 1.0.1.20

Trust: 1.0

vendor: cisco, model: rv134w, scope: eq, version: 1.0.1.14

Trust: 1.0

vendor: cisco, model: rv345, scope: eq, version: 1.0.1.14

Trust: 1.0

vendor: cisco, model: rv260w, scope: eq, version: 1.0.0.14

Trust: 1.0

vendor: cisco, model: rv345, scope: eq, version: 1.0.1.20

Trust: 1.0

vendor: cisco, model: rv340w, scope: eq, version: 1.0.1.20

Trust: 1.0

vendor: cisco, model: rv260, scope: eq, version: 1.0.1.20

Trust: 1.0

vendor: cisco, model: rv260, scope: eq, version: 1.0.1.14

Trust: 1.0

vendor: cisco, model: rv340w, scope: eq, version: 1.0.1.14

Trust: 1.0

vendor: cisco, model: rv340, scope: eq, version: 1.0.0.14

Trust: 1.0

vendor: cisco, model: rv345, scope: eq, version: 1.0.0.14

Trust: 1.0

vendor: cisco, model: rv160w, scope: eq, version: 1.0.1.20

Trust: 1.0

vendor: cisco, model: rv160w, scope: eq, version: 1.0.1.14

Trust: 1.0

vendor: Cisco Systems, model: rv160 vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv260 vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv340w dual wan gigabit wireless-ac vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco rv132w adsl2+ wireless-n vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv260p vpn router with poe, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco rv134w vdsl2 wireless-ac vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv340 dual wan gigabit vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv345 dual wan gigabit vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv260w wireless-ac vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv160w wireless-ac vpn router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: link layer discovery protocol, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2021-35514 // JVNDB: JVNDB-2021-005371 // NVD: CVE-2021-1308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1308
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1308
value: HIGH

Trust: 1.0

NVD: CVE-2021-1308
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-35514
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-434
value: HIGH

Trust: 0.6

VULMON: CVE-2021-1308
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1308
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-35514
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-1308
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 2.0

NVD: CVE-2021-1308
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-35514 // VULMON: CVE-2021-1308 // JVNDB: JVNDB-2021-005371 // CNNVD: CNNVD-202104-434 // NVD: CVE-2021-1308 // NVD: CVE-2021-1308

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-005371 // NVD: CVE-2021-1308

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202104-434

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202104-434

PATCH

title: cisco-sa-rv-multi-lldp-u7e4chCe
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe

Trust: 0.8

title: Patch for Cisco Link Layer Discovery Protocol buffer overflow vulnerability (CNVD-2021-35514)
url: https://www.cnvd.org.cn/patchInfo/show/265676

Trust: 0.6

title: Cisco Link Layer Discovery Protocol Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147016

Trust: 0.6

title: Cisco: Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-multi-lldp-u7e4chCe

Trust: 0.1

sources: CNVD: CNVD-2021-35514 // VULMON: CVE-2021-1308 // JVNDB: JVNDB-2021-005371 // CNNVD: CNNVD-202104-434

EXTERNAL IDS

db: NVD, id: CVE-2021-1308

Trust: 3.9

db: JVNDB, id: JVNDB-2021-005371

Trust: 0.8

db: CNVD, id: CNVD-2021-35514

Trust: 0.6

db: AUSCERT, id: ESB-2021.1171.3

Trust: 0.6

db: CNNVD, id: CNNVD-202104-434

Trust: 0.6

db: VULMON, id: CVE-2021-1308

Trust: 0.1

sources: CNVD: CNVD-2021-35514 // VULMON: CVE-2021-1308 // JVNDB: JVNDB-2021-005371 // CNNVD: CNNVD-202104-434 // NVD: CVE-2021-1308

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-multi-lldp-u7e4chce

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1308

Trust: 2.0

url:https://www.auscert.org.au/bulletins/esb-2021.1171.3

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-35514 // VULMON: CVE-2021-1308 // JVNDB: JVNDB-2021-005371 // CNNVD: CNNVD-202104-434 // NVD: CVE-2021-1308

SOURCES

db: CNVD, id: CNVD-2021-35514
db: VULMON, id: CVE-2021-1308
db: JVNDB, id: JVNDB-2021-005371
db: CNNVD, id: CNNVD-202104-434
db: NVD, id: CVE-2021-1308

LAST UPDATE DATE

2024-08-14T13:43:34.933000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-35514, date: 2021-05-19T00:00:00
db: VULMON, id: CVE-2021-1308, date: 2021-04-15T00:00:00
db: JVNDB, id: JVNDB-2021-005371, date: 2021-12-13T09:08:00
db: CNNVD, id: CNNVD-202104-434, date: 2022-08-08T00:00:00
db: NVD, id: CVE-2021-1308, date: 2023-11-07T03:27:55.717

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-35514, date: 2021-05-19T00:00:00
db: VULMON, id: CVE-2021-1308, date: 2021-04-08T00:00:00
db: JVNDB, id: JVNDB-2021-005371, date: 2021-12-13T00:00:00
db: CNNVD, id: CNNVD-202104-434, date: 2021-04-07T00:00:00
db: NVD, id: CVE-2021-1308, date: 2021-04-08T04:15:11.983