Sign-up

ID

VAR-202109-0606


CVE

CVE-2021-34714


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.53

sources: NVD: CVE-2021-34714 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-34714

AFFECTED PRODUCTS

vendor:ciscomodel:fxosscope:gteversion:2.6

Trust: 1.0

vendor:ciscomodel:fxosscope:gteversion:2.9

Trust: 1.0

vendor:ciscomodel:iosscope:lteversion:4.1\(1a\)a

Trust: 1.0

vendor:ciscomodel:fx-osscope:lteversion:7.3\(8\)n1\(1\)

Trust: 1.0

vendor:ciscomodel:iosscope:lteversion:3.2\(3o\)a

Trust: 1.0

vendor:ciscomodel:ios xrscope:lteversion:3.2\(3o\)a

Trust: 1.0

vendor:ciscomodel:ios xrscope:lteversion:4.1\(1a\)a

Trust: 1.0

vendor:ciscomodel:ios xescope:lteversion:7.0\(3\)i7\(9\)

Trust: 1.0

vendor:ciscomodel:fxosscope:ltversion:2.2.2.148

Trust: 1.0

vendor:ciscomodel:nx-osscope:lteversion:3.2\(3o\)a

Trust: 1.0

vendor:ciscomodel:fxosscope:gteversion:2.7

Trust: 1.0

vendor:ciscomodel:fxosscope:gteversion:2.3

Trust: 1.0

vendor:ciscomodel:fxosscope:gteversion:2.8

Trust: 1.0

vendor:ciscomodel:ios xescope:lteversion:8.4\(3.115\)

Trust: 1.0

vendor:ciscomodel:fxosscope:ltversion:2.6.1.224

Trust: 1.0

vendor:ciscomodel:ios xescope:lteversion:7.3\(8\)n1\(1\)

Trust: 1.0

vendor:ciscomodel:fx-osscope:lteversion:4.1\(1a\)a

Trust: 1.0

vendor:ciscomodel:fx-osscope:lteversion:3.2\(3o\)a

Trust: 1.0

vendor:ciscomodel:ios xrscope:lteversion:7.0\(3\)i7\(9\)

Trust: 1.0

vendor:ciscomodel:fxosscope:ltversion:2.7.1.143

Trust: 1.0

vendor:ciscomodel:iosscope:lteversion:7.0\(3\)i7\(9\)

Trust: 1.0

vendor:ciscomodel:ios xrscope:lteversion:8.4\(3.115\)

Trust: 1.0

vendor:ciscomodel:iosscope:lteversion:8.4\(3.115\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:lteversion:7.0\(3\)i7\(9\)

Trust: 1.0

vendor:ciscomodel:iosscope:lteversion:7.3\(8\)n1\(1\)

Trust: 1.0

vendor:ciscomodel:ios xrscope:lteversion:7.3\(8\)n1\(1\)

Trust: 1.0

vendor:ciscomodel:fxosscope:gteversion:2.4

Trust: 1.0

vendor:ciscomodel:fxosscope:ltversion:2.3.1.216

Trust: 1.0

vendor:ciscomodel:fxosscope:gteversion:2.2

Trust: 1.0

vendor:ciscomodel:fxosscope:ltversion:2.8.1.143

Trust: 1.0

vendor:ciscomodel:nx-osscope:lteversion:8.4\(3.115\)

Trust: 1.0

vendor:ciscomodel:ios xescope:lteversion:4.1\(1a\)a

Trust: 1.0

vendor:ciscomodel:ios xescope:lteversion:3.2\(3o\)a

Trust: 1.0

vendor:ciscomodel:fx-osscope:lteversion:7.0\(3\)i7\(9\)

Trust: 1.0

vendor:ciscomodel:fxosscope:ltversion:2.4.1.273

Trust: 1.0

vendor:ciscomodel:nx-osscope:lteversion:7.3\(8\)n1\(1\)

Trust: 1.0

vendor:ciscomodel:fxosscope:ltversion:2.9.1.135

Trust: 1.0

vendor:ciscomodel:fx-osscope:lteversion:8.4\(3.115\)

Trust: 1.0

sources: NVD: CVE-2021-34714

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-34714
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-1581
value: HIGH

Trust: 0.6

NVD: CVE-2021-34714
severity: MEDIUM
baseScore: 5.7
vectorString: AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 6.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2021-34714
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1581 // NVD: CVE-2021-34714

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2021-34714

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202109-1581

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2021-34714

PATCH
title:Multiple Cisco Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=163449
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202109-1581

EXTERNAL IDS
db:NVDid:CVE-2021-34714
Trust: 1.7
db:CS-HELPid:SB2021041363
Trust: 0.6
db:CNNVDid:CNNVD-202104-975
Trust: 0.6
db:CS-HELPid:SB2021092427
Trust: 0.6
db:AUSCERTid:ESB-2021.3184
Trust: 0.6
db:CNNVDid:CNNVD-202109-1581
Trust: 0.6
db:VULMONid:CVE-2021-34714
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-34714 // 
            
            
            
            CNNVD: CNNVD-202104-975 // 
            
            
            
            CNNVD: CNNVD-202109-1581 // 
            
            
            
            NVD: CVE-2021-34714

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ios-nxos-xr-udld-dos-w5hghgtq
Trust: 2.3
url:https://www.cybersecurity-help.cz/vdb/sb2021041363
Trust: 0.6
url:https://www.cybersecurity-help.cz/vdb/sb2021092427
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-ios-xe-xr-nexus-ucs-denial-of-service-via-unidirectional-link-detection-36499
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2021.3184
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2021-34714 // 
            
            
            
            CNNVD: CNNVD-202104-975 // 
            
            
            
            CNNVD: CNNVD-202109-1581 // 
            
            
            
            NVD: CVE-2021-34714

SOURCES
db:VULMONid:CVE-2021-34714
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202109-1581
db:NVDid:CVE-2021-34714

LAST UPDATE DATE
2022-05-04T07:26:21.074000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2021-34714date:2021-09-23T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202109-1581date:2021-10-14T00:00:00
db:NVDid:CVE-2021-34714date:2021-10-13T13:09:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2021-34714date:2021-09-23T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202109-1581date:2021-09-22T00:00:00
db:NVDid:CVE-2021-34714date:2021-09-23T03:15:00