Vulnerability-Lookup

CNVD-2021-57458

Vulnerability from cnvd - Published: 2021-08-02

Title

Cisco 7000系列IP摄像头内存泄漏漏洞（CNVD-2021-57458）

Description

Cisco 7000系列IP摄像头是5兆像素、高清、室外固定半球摄像头，采用防破坏外壳，具有平移/倾斜/变焦功能。 Cisco 7000系列IP摄像头2.12.4之前版本固件的“链路层发现协议”(LLDP)的实现存在内存泄漏漏洞。该漏洞源于对某些LLDP数据包的处理不正确。攻击者可利用该漏洞通过发送特制LLDP数据包导致内存泄漏，从而可导致设备崩溃并重新加载。

Severity

低

Patch Name

Cisco 7000系列IP摄像头内存泄漏漏洞（CNVD-2021-57458）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq

Impacted products

Name
Cisco 7000系列IP摄像头 <2.12.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-1597",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-1597"
    }
  },
  "description": "Cisco 7000\u7cfb\u5217IP\u6444\u50cf\u5934\u662f5\u5146\u50cf\u7d20\u3001\u9ad8\u6e05\u3001\u5ba4\u5916\u56fa\u5b9a\u534a\u7403\u6444\u50cf\u5934\uff0c\u91c7\u7528\u9632\u7834\u574f\u5916\u58f3\uff0c\u5177\u6709\u5e73\u79fb/\u503e\u659c/\u53d8\u7126\u529f\u80fd\u3002\n\nCisco 7000\u7cfb\u5217IP\u6444\u50cf\u59342.12.4\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684\u201c\u94fe\u8def\u5c42\u53d1\u73b0\u534f\u8bae\u201d(LLDP)\u7684\u5b9e\u73b0\u5b58\u5728\u5185\u5b58\u6cc4\u6f0f\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u67d0\u4e9bLLDP\u6570\u636e\u5305\u7684\u5904\u7406\u4e0d\u6b63\u786e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u7279\u5236LLDP\u6570\u636e\u5305\u5bfc\u81f4\u5185\u5b58\u6cc4\u6f0f\uff0c\u4ece\u800c\u53ef\u5bfc\u81f4\u8bbe\u5907\u5d29\u6e83\u5e76\u91cd\u65b0\u52a0\u8f7d\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-57458",
  "openTime": "2021-08-02",
  "patchDescription": "Cisco 7000\u7cfb\u5217IP\u6444\u50cf\u5934\u662f5\u5146\u50cf\u7d20\u3001\u9ad8\u6e05\u3001\u5ba4\u5916\u56fa\u5b9a\u534a\u7403\u6444\u50cf\u5934\uff0c\u91c7\u7528\u9632\u7834\u574f\u5916\u58f3\uff0c\u5177\u6709\u5e73\u79fb/\u503e\u659c/\u53d8\u7126\u529f\u80fd\u3002\r\n\r\nCisco 7000\u7cfb\u5217IP\u6444\u50cf\u59342.12.4\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684\u201c\u94fe\u8def\u5c42\u53d1\u73b0\u534f\u8bae\u201d(LLDP)\u7684\u5b9e\u73b0\u5b58\u5728\u5185\u5b58\u6cc4\u6f0f\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u67d0\u4e9bLLDP\u6570\u636e\u5305\u7684\u5904\u7406\u4e0d\u6b63\u786e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001\u7279\u5236LLDP\u6570\u636e\u5305\u5bfc\u81f4\u5185\u5b58\u6cc4\u6f0f\uff0c\u4ece\u800c\u53ef\u5bfc\u81f4\u8bbe\u5907\u5d29\u6e83\u5e76\u91cd\u65b0\u52a0\u8f7d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco 7000\u7cfb\u5217IP\u6444\u50cf\u5934\u5185\u5b58\u6cc4\u6f0f\u6f0f\u6d1e\uff08CNVD-2021-57458\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco 7000\u7cfb\u5217IP\u6444\u50cf\u5934 \u003c2.12.4"
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq",
  "serverity": "\u4f4e",
  "submitTime": "2021-07-08",
  "title": "Cisco 7000\u7cfb\u5217IP\u6444\u50cf\u5934\u5185\u5b58\u6cc4\u6f0f\u6f0f\u6d1e\uff08CNVD-2021-57458\uff09"
}

CVE-2021-1597 (GCVE-0-2021-1597)

Vulnerability from cvelistv5 – Published: 2021-07-08 18:35 – Updated: 2024-11-07 22:06

Title

Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities

Summary

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-401

Assigner

cisco

References

URL

Tags

https://tools.cisco.com/security/center/content/C…

vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Video Surveillance 7000 Series IP Cameras	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:18:10.990Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210707 Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:41:22.085842Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T22:06:51.376Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Video Surveillance 7000 Series IP Cameras",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-07-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-08T18:35:43",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210707 Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ipcamera-lldp-mem-wGqundTq",
        "defect": [
          [
            "CSCvy61465"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-07-07T16:00:00",
          "ID": "CVE-2021-1597",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Video Surveillance 7000 Series IP Cameras",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.5",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-401"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210707 Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ipcamera-lldp-mem-wGqundTq",
          "defect": [
            [
              "CSCvy61465"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1597",
    "datePublished": "2021-07-08T18:35:43.668460Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-07T22:06:51.376Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-57458

CVE-2021-1597 (GCVE-0-2021-1597)

Tags

Sightings

Nomenclature