ID

VAR-202111-0413


CVE

CVE-2021-40120


TITLE

plural  Cisco Small Business RV  series router   In  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-014456

DESCRIPTION

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as a user with root-level privileges. (DoS) It may be in a state. Cisco Small Business RV Series Routers is an RV series router from Cisco (Cisco) in the United States

Trust: 2.25

sources: NVD: CVE-2021-40120 // JVNDB: JVNDB-2021-014456 // CNVD: CNVD-2021-103092 // VULHUB: VHN-401513

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-103092

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:eqversion:4.2.3.06

Trust: 1.0

vendor:ciscomodel:application extension platformscope:eqversion:1.5.1.13

Trust: 1.0

vendor:シスコシステムズmodel:application extension platformscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ios xrscope: - version: -

Trust: 0.8

vendor:ciscomodel:small business rv series routersscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-103092 // JVNDB: JVNDB-2021-014456 // NVD: CVE-2021-40120

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-40120
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-40120
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-40120
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-103092
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202111-371
value: HIGH

Trust: 0.6

VULHUB: VHN-401513
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-40120
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-103092
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-401513
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-40120
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-40120
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-40120
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-103092 // VULHUB: VHN-401513 // JVNDB: JVNDB-2021-014456 // CNNVD: CNNVD-202111-371 // NVD: CVE-2021-40120 // NVD: CVE-2021-40120

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-78

Trust: 1.1

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-401513 // JVNDB: JVNDB-2021-014456 // NVD: CVE-2021-40120

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-371

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202111-371

PATCH

title:cisco-sa-sbrv-cmdinjection-Z5cWFdKurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbrv-cmdinjection-Z5cWFdK

Trust: 0.8

title:Patch for Cisco Small Business RV Series Routers command injection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/311151

Trust: 0.6

title:Cisco Small Business RV Series Routers Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168895

Trust: 0.6

sources: CNVD: CNVD-2021-103092 // JVNDB: JVNDB-2021-014456 // CNNVD: CNNVD-202111-371

EXTERNAL IDS

db:NVDid:CVE-2021-40120

Trust: 3.9

db:AUSCERTid:ESB-2021.3677

Trust: 1.2

db:JVNDBid:JVNDB-2021-014456

Trust: 0.8

db:CNVDid:CNVD-2021-103092

Trust: 0.7

db:CS-HELPid:SB2021110414

Trust: 0.6

db:CNNVDid:CNNVD-202111-371

Trust: 0.6

db:VULHUBid:VHN-401513

Trust: 0.1

sources: CNVD: CNVD-2021-103092 // VULHUB: VHN-401513 // JVNDB: JVNDB-2021-014456 // CNNVD: CNNVD-202111-371 // NVD: CVE-2021-40120

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbrv-cmdinjection-z5cwfdk

Trust: 2.3

url:https://www.auscert.org.au/bulletins/esb-2021.3677

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-40120

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021110414

Trust: 0.6

sources: CNVD: CNVD-2021-103092 // VULHUB: VHN-401513 // JVNDB: JVNDB-2021-014456 // CNNVD: CNNVD-202111-371 // NVD: CVE-2021-40120

SOURCES

db:CNVDid:CNVD-2021-103092
db:VULHUBid:VHN-401513
db:JVNDBid:JVNDB-2021-014456
db:CNNVDid:CNNVD-202111-371
db:NVDid:CVE-2021-40120

LAST UPDATE DATE

2024-11-23T23:11:04.290000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-103092date:2021-12-29T00:00:00
db:VULHUBid:VHN-401513date:2022-08-05T00:00:00
db:JVNDBid:JVNDB-2021-014456date:2022-10-19T02:28:00
db:CNNVDid:CNNVD-202111-371date:2022-08-08T00:00:00
db:NVDid:CVE-2021-40120date:2024-11-21T06:23:36.870

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-103092date:2021-12-29T00:00:00
db:VULHUBid:VHN-401513date:2021-11-04T00:00:00
db:JVNDBid:JVNDB-2021-014456date:2022-10-19T00:00:00
db:CNNVDid:CNNVD-202111-371date:2021-11-03T00:00:00
db:NVDid:CVE-2021-40120date:2021-11-04T16:15:09.430