ID

VAR-202104-0882


CVE

CVE-2021-1493


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. The platform provides features such as highly secure access to data and network resources.

Trust: 1.62

sources: NVD: CVE-2021-1493 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374547 // VULMON: CVE-2021-1493

AFFECTED PRODUCTS

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.8

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.14

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.13

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: lt, version: 6.7.0.1

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.14.2.8

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: lt, version: 6.6.3

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.12.4.13

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: lt, version: 6.4.0.12

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.8.4.34

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.10

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.15.1.7

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.9.2.85

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: lt, version: 9.13.1.21

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: gte, version: 6.5.0

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.15

Trust: 1.0

vendor: cisco, model: firepower threat defense, scope: gte, version: 6.7.0

Trust: 1.0

vendor: cisco, model: adaptive security appliance software, scope: gte, version: 9.9

Trust: 1.0

sources: NVD: CVE-2021-1493

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-1493
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1493
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-2070
value: HIGH

Trust: 0.6

VULHUB: VHN-374547
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1493
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-1493
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374547
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-1493
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1493
baseSeverity: HIGH
baseScore: 8.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 4.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-374547 // VULMON: CVE-2021-1493 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2070 // NVD: CVE-2021-1493 // NVD: CVE-2021-1493

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.1

sources: VULHUB: VHN-374547 // NVD: CVE-2021-1493

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2070

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2070

PATCH

title: Cisco Adaptive Security Appliances Software Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148777

Trust: 0.6

title: Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Buffer Overflow Denial of Service Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-memc-dos-fncTyYKG

Trust: 0.1

sources: VULMON: CVE-2021-1493 // CNNVD: CNNVD-202104-2070

EXTERNAL IDS

db: NVD, id: CVE-2021-1493

Trust: 1.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021042830

Trust: 0.6

db: AUSCERT, id: ESB-2021.1468

Trust: 0.6

db: CNNVD, id: CNNVD-202104-2070

Trust: 0.6

db: VULHUB, id: VHN-374547

Trust: 0.1

db: VULMON, id: CVE-2021-1493

Trust: 0.1

sources: VULHUB: VHN-374547 // VULMON: CVE-2021-1493 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2070 // NVD: CVE-2021-1493

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-memc-dos-fnctyykg

Trust: 1.9

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021042830

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.1468

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-asa-buffer-overflow-via-web-services-35188

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-1493

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374547 // VULMON: CVE-2021-1493 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2070 // NVD: CVE-2021-1493

SOURCES

db: VULHUB, id: VHN-374547
db: VULMON, id: CVE-2021-1493
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202104-2070
db: NVD, id: CVE-2021-1493

LAST UPDATE DATE

2024-08-14T13:02:24.818000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374547, date: 2021-05-09T00:00:00
db: VULMON, id: CVE-2021-1493, date: 2021-05-09T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202104-2070, date: 2021-05-10T00:00:00
db: NVD, id: CVE-2021-1493, date: 2023-11-07T03:28:25.657

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374547, date: 2021-04-29T00:00:00
db: VULMON, id: CVE-2021-1493, date: 2021-04-29T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202104-2070, date: 2021-04-28T00:00:00
db: NVD, id: CVE-2021-1493, date: 2021-04-29T18:15:09.387