Details of VAR-202107-0440

ID

VAR-202107-0440

CVE

CVE-2021-1614

TITLE

Cisco SD-WAN Software Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-010208

DESCRIPTION

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of malformed MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Software or Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to gain unauthorized access to sensitive information. Cisco SD-WAN Software Exists in unspecified vulnerabilities.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-1614 // JVNDB: JVNDB-2021-010208 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374668 // VULMON: CVE-2021-1614

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan	scope:	lt	version:	19.2.3	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	gte	version:	18.4.0	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	gte	version:	20.5	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.5.1	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	gte	version:	20.4	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.3.2	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	lt	version:	18.4.6	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	gte	version:	20.3	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.4.1	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	gte	version:	19.2.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010208 // NVD: CVE-2021-1614

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1614
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1614
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1614
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202107-1689
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374668
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1614
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374668
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1614
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1614
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374668 // JVNDB: JVNDB-2021-010208 // CNNVD: CNNVD-202107-1689 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1614 // NVD: CVE-2021-1614

PROBLEMTYPE DATA

problemtype:	CWE-126	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-010208 // NVD: CVE-2021-1614

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1689

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202107-1689 // CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-sdw-mpls-infodisclos-MSSRFkZq	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq	Trust: 0.8
title:	Cisco SD-WAN vManage Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157295	Trust: 0.6
title:	Cisco: Cisco SD-WAN Software Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdw-mpls-infodisclos-MSSRFkZq	Trust: 0.1

sources: VULMON: CVE-2021-1614 // JVNDB: JVNDB-2021-010208 // CNNVD: CNNVD-202107-1689

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1614	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-010208	Trust: 0.8
db:	CNNVD	id:	CNNVD-202107-1689	Trust: 0.7
db:	CS-HELP	id:	SB2021072235	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2481	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-374668	Trust: 0.1
db:	VULMON	id:	CVE-2021-1614	Trust: 0.1

sources: VULHUB: VHN-374668 // VULMON: CVE-2021-1614 // JVNDB: JVNDB-2021-010208 // CNNVD: CNNVD-202107-1689 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1614

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdw-mpls-infodisclos-mssrfkzq	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1614	Trust: 1.4
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-software-information-disclosure-via-mpls-packet-35964	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072235	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2481	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374668 // VULMON: CVE-2021-1614 // JVNDB: JVNDB-2021-010208 // CNNVD: CNNVD-202107-1689 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1614

SOURCES

db:	VULHUB	id:	VHN-374668
db:	VULMON	id:	CVE-2021-1614
db:	JVNDB	id:	JVNDB-2021-010208
db:	CNNVD	id:	CNNVD-202107-1689
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-1614

LAST UPDATE DATE

2024-08-14T12:40:04.096000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374668	date:	2021-08-03T00:00:00
db:	VULMON	id:	CVE-2021-1614	date:	2021-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-010208	date:	2022-06-24T05:24:00
db:	CNNVD	id:	CNNVD-202107-1689	date:	2021-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-1614	date:	2023-11-07T03:28:47.243

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374668	date:	2021-07-22T00:00:00
db:	VULMON	id:	CVE-2021-1614	date:	2021-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-010208	date:	2022-06-24T00:00:00
db:	CNNVD	id:	CNNVD-202107-1689	date:	2021-07-21T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-1614	date:	2021-07-22T16:15:08.667