ID

VAR-202104-0381


CVE

CVE-2021-1309


TITLE

Cisco Small Business RV Series Router Buffer Error Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-005331

DESCRIPTION

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Trust: 2.25

sources: NVD: CVE-2021-1309 // JVNDB: JVNDB-2021-005331 // CNVD: CNVD-2021-35515 // VULMON: CVE-2021-1309

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-35515

AFFECTED PRODUCTS

vendor: cisco model: rv132w scope: eq version: 1.0.1.20

Trust: 1.0

vendor: cisco model: rv132w scope: eq version: 1.0.1.14

Trust: 1.0

vendor: cisco model: rv134w scope: eq version: 1.0.0.14

Trust: 1.0

vendor: cisco model: rv260 scope: eq version: 1.0.0.14

Trust: 1.0

vendor: cisco model: rv260p scope: eq version: 1.0.1.14

Trust: 1.0

vendor: cisco model: rv260p scope: eq version: 1.0.1.20

Trust: 1.0

vendor: cisco model: rv340w scope: eq version: 1.0.0.14

Trust: 1.0

vendor: cisco model: rv160 scope: eq version: 1.0.1.20

Trust: 1.0

vendor: cisco model: rv160 scope: eq version: 1.0.1.14

Trust: 1.0

vendor: cisco model: rv132w scope: eq version: 1.0.0.14

Trust: 1.0

vendor: cisco model: rv260p scope: eq version: 1.0.0.14

Trust: 1.0

vendor: cisco model: rv160w scope: eq version: 1.0.0.14

Trust: 1.0

vendor: cisco model: rv345p scope: eq version: 1.0.1.20

Trust: 1.0

vendor: cisco model: rv345p scope: eq version: 1.0.1.14

Trust: 1.0

vendor: cisco model: rv160 scope: eq version: 1.0.0.14

Trust: 1.0

vendor: cisco model: rv260w scope: eq version: 1.0.1.20

Trust: 1.0

vendor: cisco model: rv260w scope: eq version: 1.0.1.14

Trust: 1.0

vendor: cisco model: rv340 scope: eq version: 1.0.1.20

Trust: 1.0

vendor: cisco model: rv340 scope: eq version: 1.0.1.14

Trust: 1.0

vendor: cisco model: rv345p scope: eq version: 1.0.0.14

Trust: 1.0

vendor: cisco model: rv134w scope: eq version: 1.0.1.20

Trust: 1.0

vendor: cisco model: rv134w scope: eq version: 1.0.1.14

Trust: 1.0

vendor: cisco model: rv345 scope: eq version: 1.0.1.14

Trust: 1.0

vendor: cisco model: rv260w scope: eq version: 1.0.0.14

Trust: 1.0

vendor: cisco model: rv345 scope: eq version: 1.0.1.20

Trust: 1.0

vendor: cisco model: rv340w scope: eq version: 1.0.1.20

Trust: 1.0

vendor: cisco model: rv260 scope: eq version: 1.0.1.20

Trust: 1.0

vendor: cisco model: rv260 scope: eq version: 1.0.1.14

Trust: 1.0

vendor: cisco model: rv340w scope: eq version: 1.0.1.14

Trust: 1.0

vendor: cisco model: rv340 scope: eq version: 1.0.0.14

Trust: 1.0

vendor: cisco model: rv345 scope: eq version: 1.0.0.14

Trust: 1.0

vendor: cisco model: rv160w scope: eq version: 1.0.1.20

Trust: 1.0

vendor: cisco model: rv160w scope: eq version: 1.0.1.14

Trust: 1.0

vendor: Cisco Systems model: rv345 dual wan gigabit vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: rv160 vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: rv260p vpn router with poe scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: rv260w wireless-ac vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: rv260 vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: cisco rv134w vdsl2 wireless-ac vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: rv340 dual wan gigabit vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: rv160w wireless-ac vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: cisco rv132w adsl2+ wireless-n vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: rv345p dual wan gigabit poe vpn router scope: - version: -

Trust: 0.8

vendor: Cisco Systems model: rv340w dual wan gigabit wireless-ac vpn router scope: - version: -

Trust: 0.8

vendor: cisco model: link layer discovery protocol scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-35515 // JVNDB: JVNDB-2021-005331 // NVD: CVE-2021-1309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1309
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1309
value: HIGH

Trust: 1.0

NVD: CVE-2021-1309
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-35515
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-441
value: HIGH

Trust: 0.6

VULMON: CVE-2021-1309
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1309
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-35515
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-1309
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1309
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-1309
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-35515 // VULMON: CVE-2021-1309 // JVNDB: JVNDB-2021-005331 // CNNVD: CNNVD-202104-441 // NVD: CVE-2021-1309 // NVD: CVE-2021-1309

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-005331 // NVD: CVE-2021-1309

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202104-441

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202104-441

PATCH

title: cisco-sa-rv-multi-lldp-u7e4chCe url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe

Trust: 0.8

title: Patch for Cisco Link Layer Discovery Protocol buffer overflow vulnerability url: https://www.cnvd.org.cn/patchInfo/show/265671

Trust: 0.6

title: Cisco Link Layer Discovery Protocol Buffer error vulnerability fix url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147023

Trust: 0.6

title: Cisco: Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-multi-lldp-u7e4chCe

Trust: 0.1

sources: CNVD: CNVD-2021-35515 // VULMON: CVE-2021-1309 // JVNDB: JVNDB-2021-005331 // CNNVD: CNNVD-202104-441

EXTERNAL IDS

db: NVD id: CVE-2021-1309

Trust: 3.9

db: JVNDB id: JVNDB-2021-005331

Trust: 0.8

db: CNVD id: CNVD-2021-35515

Trust: 0.6

db: AUSCERT id: ESB-2021.1171.3

Trust: 0.6

db: CNNVD id: CNNVD-202104-441

Trust: 0.6

db: VULMON id: CVE-2021-1309

Trust: 0.1

sources: CNVD: CNVD-2021-35515 // VULMON: CVE-2021-1309 // JVNDB: JVNDB-2021-005331 // CNNVD: CNNVD-202104-441 // NVD: CVE-2021-1309

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-multi-lldp-u7e4chce

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1309

Trust: 2.0

url:https://www.auscert.org.au/bulletins/esb-2021.1171.3

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-35515 // VULMON: CVE-2021-1309 // JVNDB: JVNDB-2021-005331 // CNNVD: CNNVD-202104-441 // NVD: CVE-2021-1309

SOURCES

db: CNVD id: CNVD-2021-35515
db: VULMON id: CVE-2021-1309
db: JVNDB id: JVNDB-2021-005331
db: CNNVD id: CNNVD-202104-441
db: NVD id: CVE-2021-1309

LAST UPDATE DATE

2024-08-14T13:43:34.900000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2021-35515 date: 2021-05-19T00:00:00
db: VULMON id: CVE-2021-1309 date: 2021-04-14T00:00:00
db: JVNDB id: JVNDB-2021-005331 date: 2021-12-13T02:45:00
db: CNNVD id: CNNVD-202104-441 date: 2022-08-08T00:00:00
db: NVD id: CVE-2021-1309 date: 2023-11-07T03:27:55.893

SOURCES RELEASE DATE

db: CNVD id: CNVD-2021-35515 date: 2021-05-19T00:00:00
db: VULMON id: CVE-2021-1309 date: 2021-04-08T00:00:00
db: JVNDB id: JVNDB-2021-005331 date: 2021-12-13T00:00:00
db: CNNVD id: CNNVD-202104-441 date: 2021-04-07T00:00:00
db: NVD id: CVE-2021-1309 date: 2021-04-08T04:15:12.063