Details of VAR-202104-0882

ID

VAR-202104-0882

CVE

CVE-2021-1493

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The platform provides features such as highly secure access to data and network resources

Trust: 1.62

sources: NVD: CVE-2021-1493 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374547 // VULMON: CVE-2021-1493

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.13	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.7.0.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.14.2.8	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.6.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.12.4.13	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	lt	version:	6.4.0.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.8.4.34	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.15.1.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.9.2.85	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	lt	version:	9.13.1.21	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.5.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.15	Trust: 1.0
vendor:	cisco	model:	firepower threat defense	scope:	gte	version:	6.7.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	gte	version:	9.9	Trust: 1.0

sources: NVD: CVE-2021-1493

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1493
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1493
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-2070
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374547
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-1493
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1493
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374547
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1493
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.2
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1493
baseSeverity:	HIGH
baseScore:	8.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	4.7
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-374547 // VULMON: CVE-2021-1493 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2070 // NVD: CVE-2021-1493 // NVD: CVE-2021-1493

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.1

sources: VULHUB: VHN-374547 // NVD: CVE-2021-1493

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2070

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2070

PATCH

title:	Cisco Adaptive Security Appliances Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148777	Trust: 0.6
title:	Cisco: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Buffer Overflow Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-memc-dos-fncTyYKG	Trust: 0.1

sources: VULMON: CVE-2021-1493 // CNNVD: CNNVD-202104-2070

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1493	Trust: 1.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021042830	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1468	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-2070	Trust: 0.6
db:	VULHUB	id:	VHN-374547	Trust: 0.1
db:	VULMON	id:	CVE-2021-1493	Trust: 0.1

sources: VULHUB: VHN-374547 // VULMON: CVE-2021-1493 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2070 // NVD: CVE-2021-1493

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-memc-dos-fnctyykg	Trust: 1.9
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042830	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1468	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asa-buffer-overflow-via-web-services-35188	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1493	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374547 // VULMON: CVE-2021-1493 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2070 // NVD: CVE-2021-1493

SOURCES

db:	VULHUB	id:	VHN-374547
db:	VULMON	id:	CVE-2021-1493
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202104-2070
db:	NVD	id:	CVE-2021-1493

LAST UPDATE DATE

2024-08-14T13:02:24.818000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374547	date:	2021-05-09T00:00:00
db:	VULMON	id:	CVE-2021-1493	date:	2021-05-09T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-2070	date:	2021-05-10T00:00:00
db:	NVD	id:	CVE-2021-1493	date:	2023-11-07T03:28:25.657

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374547	date:	2021-04-29T00:00:00
db:	VULMON	id:	CVE-2021-1493	date:	2021-04-29T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-2070	date:	2021-04-28T00:00:00
db:	NVD	id:	CVE-2021-1493	date:	2021-04-29T18:15:09.387