nvd-json-data-feeds/CVE-2021/CVE-2021-347xx/CVE-2021-34758.json

{
  "id": "CVE-2021-34758",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2021-10-06T20:15:12.590",
  "lastModified": "2021-10-14T18:13:11.127",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la administraci\u00f3n de la memoria del software Cisco TelePresence Collaboration Endpoint (CE) y del software Cisco RoomOS, podr\u00eda permitir a un atacante local autenticado corromper un segmento de memoria compartida, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad es debido a los insuficientes controles de acceso a un recurso de memoria compartida. Un atacante podr\u00eda explotar esta vulnerabilidad al corromper un segmento de memoria compartida en un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar la recarga del dispositivo. El dispositivo se recuperar\u00e1 de la corrupci\u00f3n al reiniciar"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "LOW",
          "baseScore": 3.3,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV30": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 2.5
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ]
    },
    {
      "source": "ykramarz@cisco.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "10.7.2",
              "matchCriteriaId": "057A5B8F-EE83-451C-842F-7365A8F2146C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "10.7.1.2",
              "matchCriteriaId": "0F84713E-C1CE-4CAA-A5AC-A92E1FA8DC09"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT",
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}