Details of VAR-202106-0907

ID

VAR-202106-0907

CVE

CVE-2021-1540

TITLE

Cisco ASR 5000 Unauthorized authentication vulnerability in series software

Trust: 0.8

sources: JVNDB: JVNDB-2021-001954

DESCRIPTION

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco ASR 5000 Series software (StarOS) Contains an improper authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco ASR 5000 is a 5000 series gateway product of Cisco (Cisco)

Trust: 2.25

sources: NVD: CVE-2021-1540 // JVNDB: JVNDB-2021-001954 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374594

AFFECTED PRODUCTS

vendor:	cisco	model:	staros	scope:	gte	version:	21.17.0	Trust: 1.0
vendor:	cisco	model:	staros	scope:	gte	version:	21.18.0	Trust: 1.0
vendor:	cisco	model:	staros	scope:	gte	version:	21.20.0	Trust: 1.0
vendor:	cisco	model:	staros	scope:	lt	version:	21.17.10	Trust: 1.0
vendor:	cisco	model:	staros	scope:	lt	version:	21.19.n7	Trust: 1.0
vendor:	cisco	model:	virtualized packet core	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	staros	scope:	lt	version:	21.18.16	Trust: 1.0
vendor:	cisco	model:	staros	scope:	lt	version:	21.20.8	Trust: 1.0
vendor:	cisco	model:	staros	scope:	lt	version:	21.16.9	Trust: 1.0
vendor:	cisco	model:	staros	scope:	lt	version:	21.19.11	Trust: 1.0
vendor:	cisco	model:	staros	scope:	gte	version:	21.19.n	Trust: 1.0
vendor:	cisco	model:	staros	scope:	gte	version:	21.19.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco staros	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco virtualized packet core	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-001954 // NVD: CVE-2021-1540

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1540
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1540
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1540
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-125
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374594
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1540
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374594
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1540
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1540
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1540
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374594 // JVNDB: JVNDB-2021-001954 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-125 // NVD: CVE-2021-1540 // NVD: CVE-2021-1540

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.1
problemtype:	Bad authentication (CWE-863) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374594 // JVNDB: JVNDB-2021-001954 // NVD: CVE-2021-1540

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-125

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

cisco-sa-asr5k-autho-bypass-mJDF5S7n

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-autho-bypass-mJDF5S7n

Trust: 0.8

sources: JVNDB: JVNDB-2021-001954

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1540	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-001954	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021060213	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1903	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-125	Trust: 0.6
db:	VULHUB	id:	VHN-374594	Trust: 0.1

sources: VULHUB: VHN-374594 // JVNDB: JVNDB-2021-001954 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-125 // NVD: CVE-2021-1540

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-asr5k-autho-bypass-mjdf5s7n	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1540	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-asr-5000-privilege-escalation-via-authorization-bypass-35593	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060213	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1903	Trust: 0.6

sources: VULHUB: VHN-374594 // JVNDB: JVNDB-2021-001954 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-125 // NVD: CVE-2021-1540

SOURCES

db:	VULHUB	id:	VHN-374594
db:	JVNDB	id:	JVNDB-2021-001954
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-125
db:	NVD	id:	CVE-2021-1540

LAST UPDATE DATE

2024-08-14T12:46:47.510000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374594	date:	2021-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-001954	date:	2021-07-06T02:54:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-125	date:	2021-06-15T00:00:00
db:	NVD	id:	CVE-2021-1540	date:	2023-11-07T03:28:34.540

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374594	date:	2021-06-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-001954	date:	2021-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-125	date:	2021-06-02T00:00:00
db:	NVD	id:	CVE-2021-1540	date:	2021-06-04T17:15:09.917