ID

VAR-202105-0448


CVE

CVE-2021-1275


TITLE

Cisco SD-WAN vManage  Resource depletion vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2021-006517

DESCRIPTION

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Cisco SD-WAN vManage Software contains a resource depletion vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco

Trust: 2.34

sources: NVD: CVE-2021-1275 // JVNDB: JVNDB-2021-006517 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374329 // VULMON: CVE-2021-1275

AFFECTED PRODUCTS

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.4.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.5.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.4

Trust: 1.0

vendor:ciscomodel:sd-wan vmanagescope:ltversion:20.3.3

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.5

Trust: 1.0

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006517 // NVD: CVE-2021-1275

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1275
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1275
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-1275
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-220
value: HIGH

Trust: 0.6

VULHUB: VHN-374329
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1275
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1275
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374329
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1275
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1275
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-1275
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374329 // VULMON: CVE-2021-1275 // JVNDB: JVNDB-2021-006517 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-220 // NVD: CVE-2021-1275 // NVD: CVE-2021-1275

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:CWE-20

Trust: 1.0

problemtype:Resource exhaustion (CWE-400) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-374329 // JVNDB: JVNDB-2021-006517 // NVD: CVE-2021-1275

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-220

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:cisco-sa-sd-wan-vmanage-4TbynnhZurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ

Trust: 0.8

title:Cisco SD-WAN vManage Software Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150537

Trust: 0.6

title:Cisco: Cisco SD-WAN vManage Software Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sd-wan-vmanage-4TbynnhZ

Trust: 0.1

sources: VULMON: CVE-2021-1275 // JVNDB: JVNDB-2021-006517 // CNNVD: CNNVD-202105-220

EXTERNAL IDS

db:NVDid:CVE-2021-1275

Trust: 3.4

db:JVNDBid:JVNDB-2021-006517

Trust: 0.8

db:CNNVDid:CNNVD-202105-220

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.1529

Trust: 0.6

db:CS-HELPid:SB2021050616

Trust: 0.6

db:VULHUBid:VHN-374329

Trust: 0.1

db:VULMONid:CVE-2021-1275

Trust: 0.1

sources: VULHUB: VHN-374329 // VULMON: CVE-2021-1275 // JVNDB: JVNDB-2021-006517 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-220 // NVD: CVE-2021-1275

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-vmanage-4tbynnhz

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1275

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050616

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1529

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374329 // VULMON: CVE-2021-1275 // JVNDB: JVNDB-2021-006517 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-220 // NVD: CVE-2021-1275

SOURCES

db:VULHUBid:VHN-374329
db:VULMONid:CVE-2021-1275
db:JVNDBid:JVNDB-2021-006517
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202105-220
db:NVDid:CVE-2021-1275

LAST UPDATE DATE

2024-08-14T12:16:10.799000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374329date:2021-05-13T00:00:00
db:VULMONid:CVE-2021-1275date:2021-05-13T00:00:00
db:JVNDBid:JVNDB-2021-006517date:2022-01-11T08:38:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202105-220date:2021-05-14T00:00:00
db:NVDid:CVE-2021-1275date:2023-11-07T03:27:50.800

SOURCES RELEASE DATE

db:VULHUBid:VHN-374329date:2021-05-06T00:00:00
db:VULMONid:CVE-2021-1275date:2021-05-06T00:00:00
db:JVNDBid:JVNDB-2021-006517date:2022-01-11T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202105-220date:2021-05-06T00:00:00
db:NVDid:CVE-2021-1275date:2021-05-06T13:15:09.817