ID

VAR-202109-0240


CVE

CVE-2021-1565


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 1.62

sources: NVD: CVE-2021-1565 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374619 // VULMON: CVE-2021-1565

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 3.15.2xbs

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.3.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.5.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.3.2

Trust: 1.0

vendor: cisco, model: catalyst 9800, scope: eq, version: 17.5.1

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 3.15.1xbs

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: 17.4.1

Trust: 1.0

vendor: cisco, model: catalyst 9800, scope: eq, version: 17.3

Trust: 1.0

vendor: cisco, model: embedded wireless controller, scope: eq, version: *

Trust: 1.0

sources: NVD: CVE-2021-1565

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1565
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1565
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-1558
value: HIGH

Trust: 0.6

VULHUB: VHN-374619
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1565
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-374619
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1565
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-374619 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1558 // NVD: CVE-2021-1565 // NVD: CVE-2021-1565

PROBLEMTYPE DATA

problemtype:CWE-415

Trust: 1.1

sources: VULHUB: VHN-374619 // NVD: CVE-2021-1565

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1558

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Cisco IOS XE Software Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164050

Trust: 0.6

sources: CNNVD: CNNVD-202109-1558

EXTERNAL IDS

db: NVD, id: CVE-2021-1565

Trust: 1.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021092407

Trust: 0.6

db: AUSCERT, id: ESB-2021.3180

Trust: 0.6

db: CNNVD, id: CNNVD-202109-1558

Trust: 0.6

db: VULHUB, id: VHN-374619

Trust: 0.1

db: VULMON, id: CVE-2021-1565

Trust: 0.1

sources: VULHUB: VHN-374619 // VULMON: CVE-2021-1565 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1558 // NVD: CVE-2021-1565

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ewlc-capwap-dos-gmnjdkoy

Trust: 2.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1565

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092407

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3180

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xe-denial-of-service-via-capwap-36493

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374619 // VULMON: CVE-2021-1565 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1558 // NVD: CVE-2021-1565

SOURCES

db: VULHUB, id: VHN-374619
db: VULMON, id: CVE-2021-1565
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202109-1558
db: NVD, id: CVE-2021-1565

LAST UPDATE DATE

2024-08-14T12:50:19.211000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374619, date: 2021-10-07T00:00:00
db: VULMON, id: CVE-2021-1565, date: 2021-09-23T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202109-1558, date: 2021-10-08T00:00:00
db: NVD, id: CVE-2021-1565, date: 2023-11-07T03:28:38.697

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374619, date: 2021-09-23T00:00:00
db: VULMON, id: CVE-2021-1565, date: 2021-09-23T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202109-1558, date: 2021-09-22T00:00:00
db: NVD, id: CVE-2021-1565, date: 2021-09-23T03:15:11.407