Details of VAR-202109-0238

ID

VAR-202109-0238

CVE

CVE-2021-1625

TITLE

Cisco Systems Cisco IOS XE Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-021094

DESCRIPTION

A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying traffic. This vulnerability exists because ICMP and UDP responder-to-initiator flows are not inspected when the Zone-Based Policy Firewall has either Unified Threat Defense (UTD) or Application Quality of Experience (AppQoE) configured. An attacker could exploit this vulnerability by attempting to send UDP or ICMP flows through the network. A successful exploit could allow the attacker to inject traffic through the Zone-Based Policy Firewall, resulting in traffic being dropped because it is incorrectly classified or in incorrect reporting figures being produced by high-speed logging (HSL). Cisco Systems Cisco IOS XE Exists in unspecified vulnerabilities.Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-1625 // JVNDB: JVNDB-2021-021094 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374679 // VULMON: CVE-2021-1625

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	lt	version:	17.3.2	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	17.3.2	Trust: 0.8

sources: JVNDB: JVNDB-2021-021094 // NVD: CVE-2021-1625

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1625
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1625
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1625
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-1568
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374679
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1625
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374679
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1625
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1625
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374679 // JVNDB: JVNDB-2021-021094 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1568 // NVD: CVE-2021-1625 // NVD: CVE-2021-1625

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-021094 // NVD: CVE-2021-1625

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1568

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1568

PATCH

title:	cisco-sa-zbfw-pP9jfzwL	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-pP9jfzwL	Trust: 0.8
title:	Cisco IOS XE Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164617	Trust: 0.6

sources: JVNDB: JVNDB-2021-021094 // CNNVD: CNNVD-202109-1568

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1625	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-021094	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021092426	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3180	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-1568	Trust: 0.6
db:	VULHUB	id:	VHN-374679	Trust: 0.1
db:	VULMON	id:	CVE-2021-1625	Trust: 0.1

sources: VULHUB: VHN-374679 // VULMON: CVE-2021-1625 // JVNDB: JVNDB-2021-021094 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1568 // NVD: CVE-2021-1625

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-zbfw-pp9jfzwl	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1625	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092426	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-xe-ingress-filtrering-bypass-via-zone-based-policy-firewall-36513	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3180	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374679 // VULMON: CVE-2021-1625 // JVNDB: JVNDB-2021-021094 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1568 // NVD: CVE-2021-1625

SOURCES

db:	VULHUB	id:	VHN-374679
db:	VULMON	id:	CVE-2021-1625
db:	JVNDB	id:	JVNDB-2021-021094
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202109-1568
db:	NVD	id:	CVE-2021-1625

LAST UPDATE DATE

2024-08-14T13:09:33.971000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374679	date:	2021-10-05T00:00:00
db:	VULMON	id:	CVE-2021-1625	date:	2021-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-021094	date:	2024-07-17T08:19:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202109-1568	date:	2021-10-08T00:00:00
db:	NVD	id:	CVE-2021-1625	date:	2023-11-07T03:28:49.697

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374679	date:	2021-09-23T00:00:00
db:	VULMON	id:	CVE-2021-1625	date:	2021-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-021094	date:	2024-07-17T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202109-1568	date:	2021-09-22T00:00:00
db:	NVD	id:	CVE-2021-1625	date:	2021-09-23T03:15:13.733