From 1161d1ecfe03e36696f6c8db36425af4daf59fae Mon Sep 17 00:00:00 2001 From: santosomar Date: Thu, 8 Apr 2021 03:52:47 +0000 Subject: [PATCH] Adding Cisco CVE-2021-1308 --- 2021/1xxx/CVE-2021-1308.json | 93 +++++++++++++++++++++++++++++++++--- 1 file changed, 86 insertions(+), 7 deletions(-) diff --git a/2021/1xxx/CVE-2021-1308.json b/2021/1xxx/CVE-2021-1308.json index f5ee9e833ab..1540ec4b2cc 100644 --- a/2021/1xxx/CVE-2021-1308.json +++ b/2021/1xxx/CVE-2021-1308.json @@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2021-04-07T16:00:00", "ID": "CVE-2021-1308", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Small Business RV Series Router Firmware ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device.\r For more information about these vulnerabilities, see the Details section of this advisory.\r Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).\r " } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.8", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe" + } + ] + }, + "source": { + "advisory": "cisco-sa-rv-multi-lldp-u7e4chCe", + "defect": [ + [ + "CSCvw62392", + "CSCvw62395", + "CSCvw62410", + "CSCvw62411", + "CSCvw62413", + "CSCvw62416", + "CSCvw62417", + "CSCvw62418", + "CSCvw94339", + "CSCvw94341", + "CSCvw95016", + "CSCvw95017" + ] + ], + "discovery": "INTERNAL" } -} \ No newline at end of file +}