ID

VAR-202109-0243


CVE

CVE-2021-1615


TITLE

Cisco Embedded Wireless Controller  Software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-012508

DESCRIPTION

A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP. Cisco Embedded Wireless Controller (EWC) There are unspecified vulnerabilities in the software.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-1615 // JVNDB: JVNDB-2021-012508 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1615

AFFECTED PRODUCTS

vendor:ciscomodel:embedded wireless controllerscope:lteversion:17.6.1

Trust: 1.0

vendor:シスコシステムズmodel:cisco embedded wireless controller ソフトウェアscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco embedded wireless controller ソフトウェアscope:eqversion:cisco embedded wireless controller software

Trust: 0.8

vendor:シスコシステムズmodel:cisco embedded wireless controller ソフトウェアscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-012508 // NVD: CVE-2021-1615

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1615
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1615
value: HIGH

Trust: 1.0

NVD: CVE-2021-1615
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-1580
value: HIGH

Trust: 0.6

VULMON: CVE-2021-1615
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1615
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-1615
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 2.0

NVD: CVE-2021-1615
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-1615 // JVNDB: JVNDB-2021-012508 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1580 // NVD: CVE-2021-1615 // NVD: CVE-2021-1615

PROBLEMTYPE DATA

problemtype:CWE-410

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-012508 // NVD: CVE-2021-1615

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1580

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1580

PATCH

title:cisco-sa-iosxe-ewc-dos-g6JruHRTurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT

Trust: 0.8

title:Cisco EWC Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164741

Trust: 0.6

sources: JVNDB: JVNDB-2021-012508 // CNNVD: CNNVD-202109-1580

EXTERNAL IDS

db:NVDid:CVE-2021-1615

Trust: 3.3

db:JVNDBid:JVNDB-2021-012508

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021092314

Trust: 0.6

db:AUSCERTid:ESB-2021.3178

Trust: 0.6

db:CNNVDid:CNNVD-202109-1580

Trust: 0.6

db:VULMONid:CVE-2021-1615

Trust: 0.1

sources: VULMON: CVE-2021-1615 // JVNDB: JVNDB-2021-012508 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1580 // NVD: CVE-2021-1615

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxe-ewc-dos-g6jruhrt

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1615

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3178

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092314

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-1615 // JVNDB: JVNDB-2021-012508 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1580 // NVD: CVE-2021-1615

SOURCES

db:VULMONid:CVE-2021-1615
db:JVNDBid:JVNDB-2021-012508
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202109-1580
db:NVDid:CVE-2021-1615

LAST UPDATE DATE

2024-08-14T12:58:22.845000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-1615date:2021-09-30T00:00:00
db:JVNDBid:JVNDB-2021-012508date:2022-09-01T05:24:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202109-1580date:2022-07-11T00:00:00
db:NVDid:CVE-2021-1615date:2023-11-07T03:28:47.423

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-1615date:2021-09-23T00:00:00
db:JVNDBid:JVNDB-2021-012508date:2022-09-01T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202109-1580date:2021-09-22T00:00:00
db:NVDid:CVE-2021-1615date:2021-09-23T03:15:12.470