Details of VAR-202104-0381

ID

VAR-202104-0381

CVE

CVE-2021-1309

TITLE

Cisco Small Business RV Series router Buffer Error Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-005331

DESCRIPTION

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)

Trust: 2.25

sources: NVD: CVE-2021-1309 // JVNDB: JVNDB-2021-005331 // CNVD: CNVD-2021-35515 // VULMON: CVE-2021-1309

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-35515

AFFECTED PRODUCTS

vendor:	cisco	model:	rv132w	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv132w	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv134w	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv260	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv260p	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv260p	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv340w	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv160	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv160	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv132w	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv260p	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv160w	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv345p	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv345p	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv160	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv260w	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv260w	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv340	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv340	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv345p	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv134w	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv134w	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv345	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv260w	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv345	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv340w	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv260	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv260	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv340w	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	cisco	model:	rv340	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv345	scope:	eq	version:	1.0.0.14	Trust: 1.0
vendor:	cisco	model:	rv160w	scope:	eq	version:	1.0.1.20	Trust: 1.0
vendor:	cisco	model:	rv160w	scope:	eq	version:	1.0.1.14	Trust: 1.0
vendor:	シスコシステムズ	model:	rv345 dual wan gigabit vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv160 vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv260p vpn router with poe	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv260w wireless-ac vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv260 vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco rv134w vdsl2 wireless-ac vpn ルータ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv340 dual wan gigabit vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv160w wireless-ac vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco rv132w adsl2+ wireless-n vpn ルータ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv345p dual wan gigabit poe vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	link layer discovery protocol	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-35515 // JVNDB: JVNDB-2021-005331 // NVD: CVE-2021-1309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1309
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1309
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1309
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-35515
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-441
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-1309
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1309
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-35515
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-1309
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1309
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1309
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-35515 // VULMON: CVE-2021-1309 // JVNDB: JVNDB-2021-005331 // CNNVD: CNNVD-202104-441 // NVD: CVE-2021-1309 // NVD: CVE-2021-1309

PROBLEMTYPE DATA

problemtype:	CWE-401	Trust: 1.0
problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-005331 // NVD: CVE-2021-1309

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202104-441

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202104-441

PATCH

title:	cisco-sa-rv-multi-lldp-u7e4chCe	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe	Trust: 0.8
title:	Patch for Cisco Link Layer Discovery Protocol buffer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/265671	Trust: 0.6
title:	Cisco Link Layer Discovery Protocol Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147023	Trust: 0.6
title:	Cisco: Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-multi-lldp-u7e4chCe	Trust: 0.1

sources: CNVD: CNVD-2021-35515 // VULMON: CVE-2021-1309 // JVNDB: JVNDB-2021-005331 // CNNVD: CNNVD-202104-441

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1309	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-005331	Trust: 0.8
db:	CNVD	id:	CNVD-2021-35515	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1171.3	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-441	Trust: 0.6
db:	VULMON	id:	CVE-2021-1309	Trust: 0.1

sources: CNVD: CNVD-2021-35515 // VULMON: CVE-2021-1309 // JVNDB: JVNDB-2021-005331 // CNNVD: CNNVD-202104-441 // NVD: CVE-2021-1309

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-multi-lldp-u7e4chce	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1309	Trust: 2.0
url:	https://www.auscert.org.au/bulletins/esb-2021.1171.3	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-35515 // VULMON: CVE-2021-1309 // JVNDB: JVNDB-2021-005331 // CNNVD: CNNVD-202104-441 // NVD: CVE-2021-1309

SOURCES

db:	CNVD	id:	CNVD-2021-35515
db:	VULMON	id:	CVE-2021-1309
db:	JVNDB	id:	JVNDB-2021-005331
db:	CNNVD	id:	CNNVD-202104-441
db:	NVD	id:	CVE-2021-1309

LAST UPDATE DATE

2024-08-14T13:43:34.900000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-35515	date:	2021-05-19T00:00:00
db:	VULMON	id:	CVE-2021-1309	date:	2021-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-005331	date:	2021-12-13T02:45:00
db:	CNNVD	id:	CNNVD-202104-441	date:	2022-08-08T00:00:00
db:	NVD	id:	CVE-2021-1309	date:	2023-11-07T03:27:55.893

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-35515	date:	2021-05-19T00:00:00
db:	VULMON	id:	CVE-2021-1309	date:	2021-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-005331	date:	2021-12-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-441	date:	2021-04-07T00:00:00
db:	NVD	id:	CVE-2021-1309	date:	2021-04-08T04:15:12.063