ID

VAR-202109-0606


CVE

CVE-2021-34714


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 1.53

sources: NVD: CVE-2021-34714 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-34714

AFFECTED PRODUCTS

vendor: cisco, model: fxos, scope: gte, version: 2.6

Trust: 1.0

vendor: cisco, model: fxos, scope: gte, version: 2.9

Trust: 1.0

vendor: cisco, model: ios, scope: lte, version: 4.1(1a)a

Trust: 1.0

vendor: cisco, model: fx-os, scope: lte, version: 7.3(8)n1(1)

Trust: 1.0

vendor: cisco, model: ios, scope: lte, version: 3.2(3o)a

Trust: 1.0

vendor: cisco, model: ios xr, scope: lte, version: 3.2(3o)a

Trust: 1.0

vendor: cisco, model: ios xr, scope: lte, version: 4.1(1a)a

Trust: 1.0

vendor: cisco, model: ios xe, scope: lte, version: 7.0(3)i7(9)

Trust: 1.0

vendor: cisco, model: fxos, scope: lt, version: 2.2.2.148

Trust: 1.0

vendor: cisco, model: nx-os, scope: lte, version: 3.2(3o)a

Trust: 1.0

vendor: cisco, model: fxos, scope: gte, version: 2.7

Trust: 1.0

vendor: cisco, model: fxos, scope: gte, version: 2.3

Trust: 1.0

vendor: cisco, model: fxos, scope: gte, version: 2.8

Trust: 1.0

vendor: cisco, model: ios xe, scope: lte, version: 8.4(3.115)

Trust: 1.0

vendor: cisco, model: fxos, scope: lt, version: 2.6.1.224

Trust: 1.0

vendor: cisco, model: ios xe, scope: lte, version: 7.3(8)n1(1)

Trust: 1.0

vendor: cisco, model: fx-os, scope: lte, version: 4.1(1a)a

Trust: 1.0

vendor: cisco, model: fx-os, scope: lte, version: 3.2(3o)a

Trust: 1.0

vendor: cisco, model: ios xr, scope: lte, version: 7.0(3)i7(9)

Trust: 1.0

vendor: cisco, model: fxos, scope: lt, version: 2.7.1.143

Trust: 1.0

vendor: cisco, model: ios, scope: lte, version: 7.0(3)i7(9)

Trust: 1.0

vendor: cisco, model: ios xr, scope: lte, version: 8.4(3.115)

Trust: 1.0

vendor: cisco, model: ios, scope: lte, version: 8.4(3.115)

Trust: 1.0

vendor: cisco, model: nx-os, scope: lte, version: 7.0(3)i7(9)

Trust: 1.0

vendor: cisco, model: ios, scope: lte, version: 7.3(8)n1(1)

Trust: 1.0

vendor: cisco, model: ios xr, scope: lte, version: 7.3(8)n1(1)

Trust: 1.0

vendor: cisco, model: fxos, scope: gte, version: 2.4

Trust: 1.0

vendor: cisco, model: fxos, scope: lt, version: 2.3.1.216

Trust: 1.0

vendor: cisco, model: fxos, scope: gte, version: 2.2

Trust: 1.0

vendor: cisco, model: fxos, scope: lt, version: 2.8.1.143

Trust: 1.0

vendor: cisco, model: nx-os, scope: lte, version: 8.4(3.115)

Trust: 1.0

vendor: cisco, model: ios xe, scope: lte, version: 4.1(1a)a

Trust: 1.0

vendor: cisco, model: ios xe, scope: lte, version: 3.2(3o)a

Trust: 1.0

vendor: cisco, model: fx-os, scope: lte, version: 7.0(3)i7(9)

Trust: 1.0

vendor: cisco, model: fxos, scope: lt, version: 2.4.1.273

Trust: 1.0

vendor: cisco, model: nx-os, scope: lte, version: 7.3(8)n1(1)

Trust: 1.0

vendor: cisco, model: fxos, scope: lt, version: 2.9.1.135

Trust: 1.0

vendor: cisco, model: fx-os, scope: lte, version: 8.4(3.115)

Trust: 1.0

sources: NVD: CVE-2021-34714

CVSS

SEVERITY

NVD: CVE-2021-34714
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-1581
value: HIGH

Trust: 0.6

CVSSV2

NVD: CVE-2021-34714
severity: MEDIUM
baseScore: 5.7
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 6.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

CVSSV3

NVD: CVE-2021-34714
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1581 // NVD: CVE-2021-34714

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2021-34714

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202109-1581

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-34714

PATCH

title: Multiple Cisco Product input verification error vulnerability fixes
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=163449

Trust: 0.6

sources: CNNVD: CNNVD-202109-1581

EXTERNAL IDS

db: NVD, id: CVE-2021-34714

Trust: 1.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021092427

Trust: 0.6

db: AUSCERT, id: ESB-2021.3184

Trust: 0.6

db: CNNVD, id: CNNVD-202109-1581

Trust: 0.6

db: VULMON, id: CVE-2021-34714

Trust: 0.1

sources: VULMON: CVE-2021-34714 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1581 // NVD: CVE-2021-34714

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ios-nxos-xr-udld-dos-w5hghgtq

Trust: 2.3

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021092427

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xe-xr-nexus-ucs-denial-of-service-via-unidirectional-link-detection-36499

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3184

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-34714 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1581 // NVD: CVE-2021-34714

SOURCES

db: VULMON, id: CVE-2021-34714
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202109-1581
db: NVD, id: CVE-2021-34714

LAST UPDATE DATE

2022-05-04T07:26:21.074000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-34714, date: 2021-09-23T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202109-1581, date: 2021-10-14T00:00:00
db: NVD, id: CVE-2021-34714, date: 2021-10-13T13:09:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-34714, date: 2021-09-23T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202109-1581, date: 2021-09-22T00:00:00
db: NVD, id: CVE-2021-34714, date: 2021-09-23T03:15:00