Details of VAR-202109-0243

ID

VAR-202109-0243

CVE

CVE-2021-1615

TITLE

Cisco Embedded Wireless Controller Software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-012508

DESCRIPTION

A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP. Cisco Embedded Wireless Controller (EWC) There are unspecified vulnerabilities in the software.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-1615 // JVNDB: JVNDB-2021-012508 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1615

AFFECTED PRODUCTS

vendor:	cisco	model:	embedded wireless controller	scope:	lte	version:	17.6.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco embedded wireless controller ソフトウェア	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco embedded wireless controller ソフトウェア	scope:	eq	version:	cisco embedded wireless controller software	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco embedded wireless controller ソフトウェア	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-012508 // NVD: CVE-2021-1615

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1615
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1615
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1615
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-1580
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-1615
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1615
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-1615
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1615
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-1615 // JVNDB: JVNDB-2021-012508 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1580 // NVD: CVE-2021-1615 // NVD: CVE-2021-1615

PROBLEMTYPE DATA

problemtype:	CWE-410	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-012508 // NVD: CVE-2021-1615

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1580

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1580

PATCH

title:	cisco-sa-iosxe-ewc-dos-g6JruHRT	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT	Trust: 0.8
title:	Cisco EWC Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=164741	Trust: 0.6

sources: JVNDB: JVNDB-2021-012508 // CNNVD: CNNVD-202109-1580

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1615	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-012508	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021092314	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3178	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-1580	Trust: 0.6
db:	VULMON	id:	CVE-2021-1615	Trust: 0.1

sources: VULMON: CVE-2021-1615 // JVNDB: JVNDB-2021-012508 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1580 // NVD: CVE-2021-1615

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxe-ewc-dos-g6jruhrt	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1615	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3178	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092314	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-1615 // JVNDB: JVNDB-2021-012508 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1580 // NVD: CVE-2021-1615

SOURCES

db:	VULMON	id:	CVE-2021-1615
db:	JVNDB	id:	JVNDB-2021-012508
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202109-1580
db:	NVD	id:	CVE-2021-1615

LAST UPDATE DATE

2024-08-14T12:58:22.845000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-1615	date:	2021-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-012508	date:	2022-09-01T05:24:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202109-1580	date:	2022-07-11T00:00:00
db:	NVD	id:	CVE-2021-1615	date:	2023-11-07T03:28:47.423

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-1615	date:	2021-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-012508	date:	2022-09-01T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202109-1580	date:	2021-09-22T00:00:00
db:	NVD	id:	CVE-2021-1615	date:	2021-09-23T03:15:12.470