admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-15xx/CVE-2021-1564.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

177 lines
6.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-1564",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-06-04T17:15:10.543",
"lastModified": "2022-08-05T15:18:19.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la implementaci\u00f3n de Cisco Discovery Protocol y Link Layer Discovery Protocol (LLDP) para C\u00e1maras IP Cisco Video Surveillance 7000 Series, podr\u00edan permitir a un atacante adyacente no autenticado causar una p\u00e9rdida de memoria, lo que podr\u00eda conllevar a una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Estas vulnerabilidades son debido al procesamiento incorrecto de determinados paquetes de Cisco Discovery Protocol y LLDP en el momento de la entrada. Un atacante podr\u00eda explotar estas vulnerabilidades mediante el env\u00edo de paquetes Cisco Discovery Protocol o LLDP dise\u00f1ados en un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que el dispositivo afectado consuma continuamente memoria, lo que podr\u00eda causar que el dispositivo se bloquee y se recargue, resultando a una condici\u00f3n de DoS. Nota: Cisco Discovery Protocol y LLDP son protocolos de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusi\u00f3n que el dispositivo afectado (adyacente a la capa 2)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:video_surveillance_7530pd_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.12.3",
"matchCriteriaId": "3DA9D97B-13BD-4F9E-AA23-7F39F2133378"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:video_surveillance_7530pd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA18561-CB31-447C-8CFF-712DD1A13134"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:video_surveillance_7070_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.12.3",
"matchCriteriaId": "213FD4E3-83E2-477F-8008-6A6D4225C7FB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:video_surveillance_7070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "904D94DB-5EDF-42D0-BDEA-D19D221F9ADF"
}
]
}
]
}
],
"references": [
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldpcdp-mem-yTQDmjRO",
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink