ID

VAR-202109-1039


CVE

CVE-2021-34703


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper initialization of a buffer. An attacker could exploit this vulnerability via any of the following methods:

- An authenticated, remote attacker could access the LLDP neighbor table via either the CLI or SNMP while the device is in a specific state.
- An unauthenticated, adjacent attacker could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then waiting for an administrator of the device or a network management system (NMS) managing the device to retrieve the LLDP neighbor table of the device via either the CLI or SNMP.
- An authenticated, adjacent attacker with SNMP read-only credentials or low privileges on the device CLI could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then accessing the LLDP neighbor table via either the CLI or SNMP.

A successful exploit could allow the attacker to cause the affected device to crash, resulting in a reload of the device. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 1.53

sources: NVD: CVE-2021-34703 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-34703

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: lte, version: 16.12.3

Trust: 1.0

vendor: cisco, model: ios xe, scope: lte, version: 16.12.3

Trust: 1.0

sources: NVD: CVE-2021-34703

CVSS

SEVERITY

NVD: CVE-2021-34703
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-1582
value: MEDIUM

Trust: 0.6

CVSSV2

NVD: CVE-2021-34703
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

CVSSV3

NVD: CVE-2021-34703
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1582 // NVD: CVE-2021-34703

PROBLEMTYPE DATA

problemtype: CWE-665

Trust: 1.0

sources: NVD: CVE-2021-34703

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1582

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1582

CONFIGURATIONS

sources: NVD: CVE-2021-34703

PATCH

title: Cisco IOS and Cisco IOS XE Software Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=163450

Trust: 0.6

sources: CNNVD: CNNVD-202109-1582

EXTERNAL IDS

db: NVD, id: CVE-2021-34703

Trust: 1.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021092416

Trust: 0.6

db: AUSCERT, id: ESB-2021.3181

Trust: 0.6

db: CNNVD, id: CNNVD-202109-1582

Trust: 0.6

db: VULMON, id: CVE-2021-34703

Trust: 0.1

sources: VULMON: CVE-2021-34703 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1582 // NVD: CVE-2021-34703

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-lldp-dos-sbnuhsjt

Trust: 2.3

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021092416

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.3181

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-ios-xe-denial-of-service-via-lldp-36505

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-34703 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-1582 // NVD: CVE-2021-34703

SOURCES

db: VULMON, id: CVE-2021-34703
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202109-1582
db: NVD, id: CVE-2021-34703

LAST UPDATE DATE

2022-05-05T07:09:49.939000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-34703, date: 2021-09-23T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202109-1582, date: 2021-10-13T00:00:00
db: NVD, id: CVE-2021-34703, date: 2021-10-25T18:09:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-34703, date: 2021-09-23T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202109-1582, date: 2021-09-22T00:00:00
db: NVD, id: CVE-2021-34703, date: 2021-09-23T03:15:00