FKIE_CVE-2021-1433
Vulnerability from fkie_nvd - Published: 2021-03-24 20:15 - Updated: 2024-11-21 05:44
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. The attacker must have a man-in-the-middle position between Cisco vManage and an associated device that is running an affected version of Cisco IOS XE SD-WAN Software. An exploit could allow the attacker to conduct a controllable buffer overflow attack (and possibly execute arbitrary commands as the root user) or cause a device reload, resulting in a denial of service (DoS) condition.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios_xe | 3.15.1xbs | |
| cisco | ios_xe | 3.15.2xbs | |
| cisco | ios_xe | 16.12.1 | |
| cisco | ios_xe | 16.12.1a | |
| cisco | ios_xe | 16.12.1c | |
| cisco | ios_xe | 16.12.1s | |
| cisco | ios_xe | 16.12.1t | |
| cisco | ios_xe | 16.12.1w | |
| cisco | ios_xe | 16.12.1x | |
| cisco | ios_xe | 16.12.1y | |
| cisco | ios_xe | 16.12.1z | |
| cisco | ios_xe | 16.12.1za | |
| cisco | ios_xe | 16.12.2 | |
| cisco | ios_xe | 16.12.2a | |
| cisco | ios_xe | 16.12.2s | |
| cisco | ios_xe | 16.12.2t | |
| cisco | ios_xe | 16.12.3 | |
| cisco | ios_xe | 16.12.3a | |
| cisco | ios_xe | 16.12.3s | |
| cisco | ios_xe | 17.2.1 | |
| cisco | ios_xe | 17.2.1a | |
| cisco | ios_xe | 17.2.1r | |
| cisco | ios_xe | 17.2.1v |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.15.1xbs:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF22C29-84DF-44CA-B574-FE04AB39E344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.15.2xbs:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C7C0BA-D618-4B65-B42C-43393167EEE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "CD98C9E8-3EA6-4160-970D-37C389576516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "9027A528-2588-4C06-810B-5BB313FE4323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*",
"matchCriteriaId": "7745ED34-D59D-49CC-B174-96BCA03B3374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1w:*:*:*:*:*:*:*",
"matchCriteriaId": "19AF4CF3-6E79-4EA3-974D-CD451A192BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1x:*:*:*:*:*:*:*",
"matchCriteriaId": "313BD54C-073C-4F27-82D5-C99EFC3A20F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1y:*:*:*:*:*:*:*",
"matchCriteriaId": "93B96E01-3777-4C33-9225-577B469A6CE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1z:*:*:*:*:*:*:*",
"matchCriteriaId": "65FC3CC1-CF4F-4A2D-A500-04395AFE8B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1za:*:*:*:*:*:*:*",
"matchCriteriaId": "027200FC-8AD4-47E4-A404-490AE4F997EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5019B59-508E-40B0-9C92-2C26F58E2FBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "443D78BA-A3DA-4D1F-A4DF-2F426DC6B841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*",
"matchCriteriaId": "1986DB1F-AD0A-42FE-8EC8-F18BA1AD4F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2t:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6FB4DC-814D-49D2-BBE2-3861AE985A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D5750264-2990-4942-85F4-DB9746C5CA2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "02352FD8-2A7B-41BD-9E4A-F312ABFDF3EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*",
"matchCriteriaId": "B9173AD6-6658-4267-AAA7-D50D0B657528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7EE7C7-D6C1-4C35-8C80-EAF3FC7E7EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "B51FA707-8DB1-4596-9122-D4BFEF17F400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*",
"matchCriteriaId": "C04DF35A-1B6F-420A-8D84-74EB41BF3700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*",
"matchCriteriaId": "211CC9B2-6108-4C50-AB31-DC527C43053E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. The attacker must have a man-in-the-middle position between Cisco vManage and an associated device that is running an affected version of Cisco IOS XE SD-WAN Software. An exploit could allow the attacker to conduct a controllable buffer overflow attack (and possibly execute arbitrary commands as the root user) or cause a device reload, resulting in a denial of service (DoS) condition."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el proceso vDaemon en el Software Cisco IOS XE SD-WAN, podr\u00eda permitir a un atacante remoto no autenticado causar un desbordamiento del b\u00fafer en un dispositivo afectado.\u0026#xa0;Esta vulnerabilidad es debido a la comprobaci\u00f3n de l\u00edmites insuficiente cuando el dispositivo procesa el tr\u00e1fico.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de tr\u00e1fico dise\u00f1ado al dispositivo.\u0026#xa0;El atacante debe tener una posici\u00f3n de man-in-the-middle entre Cisco vManage y un dispositivo asociado que est\u00e9 ejecutando una versi\u00f3n afectada del Software Cisco IOS XE SD-WAN.\u0026#xa0;Una explotaci\u00f3n podr\u00eda permitir al atacante realizar un ataque de desbordamiento de b\u00fafer controlable (y posiblemente ejecutar comandos arbitrarios como usuario root) o causar una recarga del dispositivo, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio (DoS)"
}
],
"id": "CVE-2021-1433",
"lastModified": "2024-11-21T05:44:21.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-24T20:15:14.603",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-buffover-CqdRWLc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-buffover-CqdRWLc"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…