ID

VAR-202109-0238


CVE

CVE-2021-1625


TITLE

Cisco Systems  Cisco IOS XE  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-021094

DESCRIPTION

A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying traffic. This vulnerability exists because ICMP and UDP responder-to-initiator flows are not inspected when the Zone-Based Policy Firewall has either Unified Threat Defense (UTD) or Application Quality of Experience (AppQoE) configured. An attacker could exploit this vulnerability by attempting to send UDP or ICMP flows through the network. A successful exploit could allow the attacker to inject traffic through the Zone-Based Policy Firewall, resulting in traffic being dropped because it is incorrectly classified or in incorrect reporting figures being produced by high-speed logging (HSL). Cisco Systems Cisco IOS XE Exists in unspecified vulnerabilities.Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-1625 // JVNDB: JVNDB-2021-021094 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374679 // VULMON: CVE-2021-1625

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:ltversion:17.3.2

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xescope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ios xescope:eqversion:17.3.2

Trust: 0.8

sources: JVNDB: JVNDB-2021-021094 // NVD: CVE-2021-1625

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1625
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1625
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1625
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-1568
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374679
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1625
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374679
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1625
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2021-1625
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374679 // JVNDB: JVNDB-2021-021094 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1568 // NVD: CVE-2021-1625 // NVD: CVE-2021-1625

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-021094 // NVD: CVE-2021-1625

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1568

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1568

PATCH

title:cisco-sa-zbfw-pP9jfzwLurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-pP9jfzwL

Trust: 0.8

title:Cisco IOS XE Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164617

Trust: 0.6

sources: JVNDB: JVNDB-2021-021094 // CNNVD: CNNVD-202109-1568

EXTERNAL IDS

db:NVDid:CVE-2021-1625

Trust: 3.4

db:JVNDBid:JVNDB-2021-021094

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021092426

Trust: 0.6

db:AUSCERTid:ESB-2021.3180

Trust: 0.6

db:CNNVDid:CNNVD-202109-1568

Trust: 0.6

db:VULHUBid:VHN-374679

Trust: 0.1

db:VULMONid:CVE-2021-1625

Trust: 0.1

sources: VULHUB: VHN-374679 // VULMON: CVE-2021-1625 // JVNDB: JVNDB-2021-021094 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1568 // NVD: CVE-2021-1625

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-zbfw-pp9jfzwl

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1625

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092426

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xe-ingress-filtrering-bypass-via-zone-based-policy-firewall-36513

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3180

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374679 // VULMON: CVE-2021-1625 // JVNDB: JVNDB-2021-021094 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1568 // NVD: CVE-2021-1625

SOURCES

db:VULHUBid:VHN-374679
db:VULMONid:CVE-2021-1625
db:JVNDBid:JVNDB-2021-021094
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202109-1568
db:NVDid:CVE-2021-1625

LAST UPDATE DATE

2024-08-14T13:09:33.971000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374679date:2021-10-05T00:00:00
db:VULMONid:CVE-2021-1625date:2021-09-23T00:00:00
db:JVNDBid:JVNDB-2021-021094date:2024-07-17T08:19:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202109-1568date:2021-10-08T00:00:00
db:NVDid:CVE-2021-1625date:2023-11-07T03:28:49.697

SOURCES RELEASE DATE

db:VULHUBid:VHN-374679date:2021-09-23T00:00:00
db:VULMONid:CVE-2021-1625date:2021-09-23T00:00:00
db:JVNDBid:JVNDB-2021-021094date:2024-07-17T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202109-1568date:2021-09-22T00:00:00
db:NVDid:CVE-2021-1625date:2021-09-23T03:15:13.733