cnvd - cnvd-2021-14807

cnvd-2021-14807

Vulnerability from cnvd

Title: Cisco IOS XR访问控制错误漏洞（CNVD-2021-14807）

Description:

Cisco IOS XR是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。

Cisco IOS XR软件中SNMP管理面板存在访问控制错误漏洞中存在漏洞。该漏洞是由于在将SNMP与管理平面保护配合使用时，LPTS编程不正确造成的。即使配置为拒绝访问SNMP的管理平面保护，也允许未经身份验证的远程攻击者允许连接受影响设备的服务器。

Severity: 中

Patch Name: Cisco IOS XR访问控制错误漏洞（CNVD-2021-14807）的补丁

Patch Description:

Cisco IOS XR是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。

Cisco IOS XR软件中SNMP管理面板存在访问控制错误漏洞中存在漏洞。该漏洞是由于在将SNMP与管理平面保护配合使用时，LPTS编程不正确造成的。即使配置为拒绝访问SNMP的管理平面保护，也允许未经身份验证的远程攻击者允许连接受影响设备的服务器。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq

Reference: https://vigilance.fr/vulnerability/Cisco-IOS-XR-privilege-escalation-via-SNMP-ACL-Bypass-34478

Impacted products

Name
Cisco IOS XR

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-1243",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-1243"
    }
  },
  "description": "Cisco IOS XR\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nCisco IOS XR\u8f6f\u4ef6\u4e2dSNMP\u7ba1\u7406\u9762\u677f\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u4e2d\u5b58\u5728\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5728\u5c06SNMP\u4e0e\u7ba1\u7406\u5e73\u9762\u4fdd\u62a4\u914d\u5408\u4f7f\u7528\u65f6\uff0cLPTS\u7f16\u7a0b\u4e0d\u6b63\u786e\u9020\u6210\u7684\u3002\u5373\u4f7f\u914d\u7f6e\u4e3a\u62d2\u7edd\u8bbf\u95eeSNMP\u7684\u7ba1\u7406\u5e73\u9762\u4fdd\u62a4\uff0c\u4e5f\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5141\u8bb8\u8fde\u63a5\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u670d\u52a1\u5668\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-14807",
  "openTime": "2021-03-07",
  "patchDescription": "Cisco IOS XR\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS XR\u8f6f\u4ef6\u4e2dSNMP\u7ba1\u7406\u9762\u677f\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u4e2d\u5b58\u5728\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5728\u5c06SNMP\u4e0e\u7ba1\u7406\u5e73\u9762\u4fdd\u62a4\u914d\u5408\u4f7f\u7528\u65f6\uff0cLPTS\u7f16\u7a0b\u4e0d\u6b63\u786e\u9020\u6210\u7684\u3002\u5373\u4f7f\u914d\u7f6e\u4e3a\u62d2\u7edd\u8bbf\u95eeSNMP\u7684\u7ba1\u7406\u5e73\u9762\u4fdd\u62a4\uff0c\u4e5f\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5141\u8bb8\u8fde\u63a5\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u670d\u52a1\u5668\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IOS XR\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2021-14807\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco IOS XR"
  },
  "referenceLink": "https://vigilance.fr/vulnerability/Cisco-IOS-XR-privilege-escalation-via-SNMP-ACL-Bypass-34478",
  "serverity": "\u4e2d",
  "submitTime": "2021-02-05",
  "title": "Cisco IOS XR\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2021-14807\uff09"
}

CVE-2021-1243 (GCVE-0-2021-1243)

Vulnerability from cvelistv5

Published

2021-02-04 16:35

Modified

2024-11-08 23:53

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-284

Summary

A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS XR Software	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:02:56.218Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210203 Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1243",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:04:35.326532Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:53:36.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XR Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-02-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-04T16:35:40",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210203 Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq"
        }
      ],
      "source": {
        "advisory": "cisco-sa-snmp-7MKrW7Nq",
        "defect": [
          [
            "CSCvt93184"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-02-03T16:00:00",
          "ID": "CVE-2021-1243",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS XR Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210203 Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-snmp-7MKrW7Nq",
          "defect": [
            [
              "CSCvt93184"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1243",
    "datePublished": "2021-02-04T16:35:40.306287Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-08T23:53:36.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted