Details of VAR-202109-0240

ID

VAR-202109-0240

CVE

CVE-2021-1565

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.62

sources: NVD: CVE-2021-1565 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374619 // VULMON: CVE-2021-1565

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.2xbs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.5.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.2	Trust: 1.0
vendor:	cisco	model:	catalyst 9800	scope:	eq	version:	17.5.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.1xbs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1	Trust: 1.0
vendor:	cisco	model:	catalyst 9800	scope:	eq	version:	17.3	Trust: 1.0
vendor:	cisco	model:	embedded wireless controller	scope:	eq	version:	*	Trust: 1.0

sources: NVD: CVE-2021-1565

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1565
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1565
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-1558
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374619
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1565
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-374619
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1565
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-374619 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1558 // NVD: CVE-2021-1565 // NVD: CVE-2021-1565

PROBLEMTYPE DATA

problemtype:

CWE-415

Trust: 1.1

sources: VULHUB: VHN-374619 // NVD: CVE-2021-1565

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1558

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

Cisco IOS XE Software Remediation of resource management error vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164050

Trust: 0.6

sources: CNNVD: CNNVD-202109-1558

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1565	Trust: 1.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021092407	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3180	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-1558	Trust: 0.6
db:	VULHUB	id:	VHN-374619	Trust: 0.1
db:	VULMON	id:	CVE-2021-1565	Trust: 0.1

sources: VULHUB: VHN-374619 // VULMON: CVE-2021-1565 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1558 // NVD: CVE-2021-1565

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ewlc-capwap-dos-gmnjdkoy	Trust: 2.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1565	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092407	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3180	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-xe-denial-of-service-via-capwap-36493	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374619 // VULMON: CVE-2021-1565 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1558 // NVD: CVE-2021-1565

SOURCES

db:	VULHUB	id:	VHN-374619
db:	VULMON	id:	CVE-2021-1565
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202109-1558
db:	NVD	id:	CVE-2021-1565

LAST UPDATE DATE

2024-08-14T12:50:19.211000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374619	date:	2021-10-07T00:00:00
db:	VULMON	id:	CVE-2021-1565	date:	2021-09-23T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202109-1558	date:	2021-10-08T00:00:00
db:	NVD	id:	CVE-2021-1565	date:	2023-11-07T03:28:38.697

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374619	date:	2021-09-23T00:00:00
db:	VULMON	id:	CVE-2021-1565	date:	2021-09-23T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202109-1558	date:	2021-09-22T00:00:00
db:	NVD	id:	CVE-2021-1565	date:	2021-09-23T03:15:11.407