Details of VAR-202109-0245

ID

VAR-202109-0245

CVE

CVE-2021-1619

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sending a series of NETCONF or RESTCONF requests to an affected device. A successful exploit could allow the attacker to use NETCONF or RESTCONF to install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting a DoS. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.62

sources: NVD: CVE-2021-1619 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374673 // VULMON: CVE-2021-1619

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.5	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.5 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1y	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1c when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.3 when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.7a	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1 when installed on 1100 series industrial integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4a	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1d when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.2	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1c when installed on 1100 series industrial integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1e when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.3 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1d when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.6 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1s when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.4 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.3a when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1d when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4s	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.3 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1a when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.6	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1b when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1a when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1b	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.1 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.5b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.1	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.6 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.3 when installed on 1100 series industrial integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1d	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.6 when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1a when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1c	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1d when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.2r when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1a when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1d when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1b when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.4 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.3a when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.4 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.9	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1z1	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.5 when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.2 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1f	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1c when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2a	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.4 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.5 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5a	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.2r when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.2r when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1d when installed on 1100 series industrial integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1b when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.1 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.5 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1b	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.2 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.2 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.4c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.3	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.4 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1b when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1b when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1e when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.3 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.6	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.3a when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.4 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1d when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1r	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.7	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.3 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.6 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.4 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1e when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.3b when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1s when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1b1 when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.5 when installed on 1100 series industrial integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.5a	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.3 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2t	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1a when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2s	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1f when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.4 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.5	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1e when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.4 when installed on 1100 series industrial integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.4 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.2 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1b1 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.5 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.8	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.3 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.4a	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1b1 when installed on 1100 series industrial integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1a when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.3 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.4 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.3 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1g	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1c	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.2 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.3b when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1d when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.1a	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1a when installed on 1100 series industrial integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.4a when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1a	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1 when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3a	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.1 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1s	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1s when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.2r when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.2r when installed on 1100 series industrial integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.11	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1c	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.3a when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.5 when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1a when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.2	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.4 when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2a	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.3b when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.3 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.5b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.6	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1b when installed on 1100 series industrial integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.3	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.2 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.3a when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1s when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.4 when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.3	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1a when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1c when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.4	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4.2	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.1 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1b when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1b1 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.10	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.3 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.3b when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.4 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.5 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.1 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1a	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.1 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.5 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1e when installed on 1100 series industrial integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.4a when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1w	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1v	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1a when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1e when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1s when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.5 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1x	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.3b when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.2r when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.2	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.1 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.2 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.1	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.6 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.3 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1a when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.5 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1z	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.3 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.9	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1za	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1c when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1b1 when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1d	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.10.1 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.11.1b when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3h	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1b when installed on 1000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1b when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.4 when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.4a when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1b when installed on integrated services virtual	scope:	eq	version:	router	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1e	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1c when installed on cloud services router 1000v	scope:	eq	version:	series	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.4	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.9.2 when installed on asr 1000 series aggregation services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1d	Trust: 1.0
vendor:	cisco	model:	ios xe sd-wan 16.12.1b1 when installed on 4000 series integrated services	scope:	eq	version:	routers	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.8	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.5f	Trust: 1.0

sources: NVD: CVE-2021-1619

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1619
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1619
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-1562
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-374673
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1619
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1619
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374673
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1619
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1619
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-374673 // VULMON: CVE-2021-1619 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1562 // NVD: CVE-2021-1619 // NVD: CVE-2021-1619

PROBLEMTYPE DATA

problemtype:	CWE-908	Trust: 1.1
problemtype:	CWE-824	Trust: 1.0

sources: VULHUB: VHN-374673 // NVD: CVE-2021-1619

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1562

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Cisco IOS XE Software Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=163443	Trust: 0.6
title:	Cisco: Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-aaa-Yx47ZT8Q	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/critical-cisco-bugs-wireless-sd-wan/174991/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/cisco-fixes-highly-critical-vulnerabilities-in-ios-xe-software/	Trust: 0.1

sources: VULMON: CVE-2021-1619 // CNNVD: CNNVD-202109-1562

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1619	Trust: 1.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021092307	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3180	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-1562	Trust: 0.6
db:	VULHUB	id:	VHN-374673	Trust: 0.1
db:	VULMON	id:	CVE-2021-1619	Trust: 0.1

sources: VULHUB: VHN-374673 // VULMON: CVE-2021-1619 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1562 // NVD: CVE-2021-1619

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-aaa-yx47zt8q	Trust: 2.5
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-xe-privilege-escalation-via-netconf-restconf-36487	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092307	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3180	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1619	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/824.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/critical-cisco-bugs-wireless-sd-wan/174991/	Trust: 0.1

sources: VULHUB: VHN-374673 // VULMON: CVE-2021-1619 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1562 // NVD: CVE-2021-1619

SOURCES

db:	VULHUB	id:	VHN-374673
db:	VULMON	id:	CVE-2021-1619
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202109-1562
db:	NVD	id:	CVE-2021-1619

LAST UPDATE DATE

2024-08-14T12:19:52.965000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374673	date:	2022-07-08T00:00:00
db:	VULMON	id:	CVE-2021-1619	date:	2021-10-07T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202109-1562	date:	2022-07-11T00:00:00
db:	NVD	id:	CVE-2021-1619	date:	2023-11-07T03:28:48.147

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374673	date:	2021-09-23T00:00:00
db:	VULMON	id:	CVE-2021-1619	date:	2021-09-23T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202109-1562	date:	2021-09-22T00:00:00
db:	NVD	id:	CVE-2021-1619	date:	2021-09-23T03:15:12.820