admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-15xx/CVE-2021-1595.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

177 lines
6.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-1595",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-07-08T19:15:09.360",
"lastModified": "2021-07-13T13:39:23.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en la implementaci\u00f3n del Link Layer Discovery Protocol (LLDP) para Cisco Video Surveillance 7000 Series IP Cameras, podr\u00edan permitir a un atacante adyacente no autenticado causar una p\u00e9rdida de memoria, lo que podr\u00eda conllevar a una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Estas vulnerabilidades son debido al procesamiento incorrecto de determinados paquetes LLDP en el momento de la entrada. Un atacante podr\u00eda explotar estas vulnerabilidades al enviar paquetes LLDP dise\u00f1ados a un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar que el dispositivo afectado consuma continuamente memoria, lo que podr\u00eda causar que el dispositivo se bloquee y se recargue, resultando en una condici\u00f3n de DoS. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusi\u00f3n que el dispositivo afectado (capa 2 adyacente)"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:video_surveillance_7530pd_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.12.4",
"matchCriteriaId": "37216DF1-17C6-4187-B363-245676938E09"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:video_surveillance_7530pd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA18561-CB31-447C-8CFF-712DD1A13134"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:video_surveillance_7070_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.12.4",
"matchCriteriaId": "CC722D1D-EB09-40BE-BECD-A5F3F8EF1103"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:video_surveillance_7070:-:*:*:*:*:*:*:*",
"matchCriteriaId": "904D94DB-5EDF-42D0-BDEA-D19D221F9ADF"
}
]
}
]
}
],
"references": [
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-mem-wGqundTq",
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink