Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2021-1220
Vulnerability from cvelistv5
Published
2021-03-24 20:16
Modified
2024-09-17 03:43
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XE Software |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:02:56.181Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210324 Cisco IOS XE Software Web UI Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco IOS XE Software", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-03-24T00:00:00", descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-24T20:16:10", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210324 Cisco IOS XE Software Web UI Denial of Service Vulnerabilities", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn", }, ], source: { advisory: "cisco-sa-xe-webui-dos-z9yqYQAn", defect: [ [ "CSCvu94117", "CSCvu99729", ], ], discovery: "INTERNAL", }, title: "Cisco IOS XE Software Web UI Denial of Service Vulnerabilities", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-03-24T16:00:00", ID: "CVE-2021-1220", STATE: "PUBLIC", TITLE: "Cisco IOS XE Software Web UI Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco IOS XE Software", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", }, ], impact: { cvss: { baseScore: "4.3", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "20210324 Cisco IOS XE Software Web UI Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn", }, ], }, source: { advisory: "cisco-sa-xe-webui-dos-z9yqYQAn", defect: [ [ "CSCvu94117", "CSCvu99729", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1220", datePublished: "2021-03-24T20:16:10.422630Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-09-17T03:43:34.793Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2021-1220\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2021-03-24T21:15:11.350\",\"lastModified\":\"2024-11-21T05:43:51.540\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.\"},{\"lang\":\"es\",\"value\":\"Múltiples vulnerabilidades en la Interfaz de Usuario Web del Software Cisco IOS XE, podrían permitir a un atacante remoto autenticado con privilegios de solo lectura hacer que el software de la interfaz de usuario web deje de responder y consuma instancias de línea vty, lo que resultará en una condición de denegación de servicio (DoS). Estas vulnerabilidades son debido a un manejo insuficiente de errores en la Interfaz de Usuario Web. Un atacante podría explotar estas vulnerabilidades mediante el envío de paquetes HTTP diseñados a un dispositivo afectado. Una explotación con éxito podría permitir el atacante causar que el software de la interfaz de usuario web deje de responder y consumiera todas las líneas vty disponibles, impidiendo el establecimiento de una nueva sesión y dando como resultado una condición de DoS. Se necesitaría una intervención manual para recuperar la Interfaz de Usuario Web y la funcionalidad de la sesión vty. Nota: estas vulnerabilidades no afectan la conexión de la consola\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:N/A:P\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:3.15.1xbs:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BF22C29-84DF-44CA-B574-FE04AB39E344\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:3.15.2xbs:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2C7C0BA-D618-4B65-B42C-43393167EEE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E91F8704-6DAD-474A-84EA-04E4AF7BB9B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"314C7763-A64D-4023-9F3F-9A821AE4151F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5820D71D-FC93-45AA-BC58-A26A1A39C936\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC1C85DD-69CC-4AA8-B219-651D57FC3506\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B53E377A-0296-4D7A-B97C-576B0026543D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C98DED36-D4B5-48D6-964E-EEEE97936700\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD98C9E8-3EA6-4160-970D-37C389576516\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9027A528-2588-4C06-810B-5BB313FE4323\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7745ED34-D59D-49CC-B174-96BCA03B3374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1w:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19AF4CF3-6E79-4EA3-974D-CD451A192BA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"313BD54C-073C-4F27-82D5-C99EFC3A20F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93B96E01-3777-4C33-9225-577B469A6CE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1z:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65FC3CC1-CF4F-4A2D-A500-04395AFE8B47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5019B59-508E-40B0-9C92-2C26F58E2FBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"443D78BA-A3DA-4D1F-A4DF-2F426DC6B841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1986DB1F-AD0A-42FE-8EC8-F18BA1AD4F99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.2t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C6FB4DC-814D-49D2-BBE2-3861AE985A1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5750264-2990-4942-85F4-DB9746C5CA2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02352FD8-2A7B-41BD-9E4A-F312ABFDF3EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9173AD6-6658-4267-AAA7-D50D0B657528\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F02EE9D-45B1-43D6-B05D-6FF19472216B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C1DBBCD-4C5A-43BB-8FB0-6F1AF99ED0D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E306B09C-CB48-4067-B60C-5F738555EEAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD446C51-E713-4E46-8328-0A0477D140D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FF0DD16-D76A-45EA-B01A-20C71AEFA3B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BDD0CEC-4A19-438D-B2A1-8664A1D8F3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89369318-2E83-489F-B872-5F2E247BBF8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B7EE7C7-D6C1-4C35-8C80-EAF3FC7E7EFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B51FA707-8DB1-4596-9122-D4BFEF17F400\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C04DF35A-1B6F-420A-8D84-74EB41BF3700\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"211CC9B2-6108-4C50-AB31-DC527C43053E\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
fkie_cve-2021-1220
Vulnerability from fkie_nvd
Published
2021-03-24 21:15
Modified
2024-11-21 05:43
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ios_xe | 3.15.1xbs | |
| cisco | ios_xe | 3.15.2xbs | |
| cisco | ios_xe | 16.11.1 | |
| cisco | ios_xe | 16.11.1a | |
| cisco | ios_xe | 16.11.1b | |
| cisco | ios_xe | 16.11.1c | |
| cisco | ios_xe | 16.11.1s | |
| cisco | ios_xe | 16.11.2 | |
| cisco | ios_xe | 16.12.1 | |
| cisco | ios_xe | 16.12.1a | |
| cisco | ios_xe | 16.12.1c | |
| cisco | ios_xe | 16.12.1s | |
| cisco | ios_xe | 16.12.1t | |
| cisco | ios_xe | 16.12.1w | |
| cisco | ios_xe | 16.12.1x | |
| cisco | ios_xe | 16.12.1y | |
| cisco | ios_xe | 16.12.1z | |
| cisco | ios_xe | 16.12.2 | |
| cisco | ios_xe | 16.12.2a | |
| cisco | ios_xe | 16.12.2s | |
| cisco | ios_xe | 16.12.2t | |
| cisco | ios_xe | 16.12.3 | |
| cisco | ios_xe | 16.12.3a | |
| cisco | ios_xe | 16.12.3s | |
| cisco | ios_xe | 16.12.4 | |
| cisco | ios_xe | 16.12.4a | |
| cisco | ios_xe | 17.1.1 | |
| cisco | ios_xe | 17.1.1a | |
| cisco | ios_xe | 17.1.1s | |
| cisco | ios_xe | 17.1.1t | |
| cisco | ios_xe | 17.1.2 | |
| cisco | ios_xe | 17.2.1 | |
| cisco | ios_xe | 17.2.1a | |
| cisco | ios_xe | 17.2.1r | |
| cisco | ios_xe | 17.2.1v |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:ios_xe:3.15.1xbs:*:*:*:*:*:*:*", matchCriteriaId: "4BF22C29-84DF-44CA-B574-FE04AB39E344", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:3.15.2xbs:*:*:*:*:*:*:*", matchCriteriaId: "C2C7C0BA-D618-4B65-B42C-43393167EEE0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*", matchCriteriaId: "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*", matchCriteriaId: "314C7763-A64D-4023-9F3F-9A821AE4151F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*", matchCriteriaId: "5820D71D-FC93-45AA-BC58-A26A1A39C936", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*", matchCriteriaId: "FC1C85DD-69CC-4AA8-B219-651D57FC3506", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*", matchCriteriaId: "DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*", matchCriteriaId: "B53E377A-0296-4D7A-B97C-576B0026543D", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", matchCriteriaId: "C98DED36-D4B5-48D6-964E-EEEE97936700", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*", matchCriteriaId: "CD98C9E8-3EA6-4160-970D-37C389576516", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*", matchCriteriaId: "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*", matchCriteriaId: "9027A528-2588-4C06-810B-5BB313FE4323", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*", matchCriteriaId: "7745ED34-D59D-49CC-B174-96BCA03B3374", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1w:*:*:*:*:*:*:*", matchCriteriaId: "19AF4CF3-6E79-4EA3-974D-CD451A192BA9", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1x:*:*:*:*:*:*:*", matchCriteriaId: "313BD54C-073C-4F27-82D5-C99EFC3A20F7", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1y:*:*:*:*:*:*:*", matchCriteriaId: "93B96E01-3777-4C33-9225-577B469A6CE5", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1z:*:*:*:*:*:*:*", matchCriteriaId: "65FC3CC1-CF4F-4A2D-A500-04395AFE8B47", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*", matchCriteriaId: "E5019B59-508E-40B0-9C92-2C26F58E2FBE", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*", matchCriteriaId: "443D78BA-A3DA-4D1F-A4DF-2F426DC6B841", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*", matchCriteriaId: "1986DB1F-AD0A-42FE-8EC8-F18BA1AD4F99", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.2t:*:*:*:*:*:*:*", matchCriteriaId: "3C6FB4DC-814D-49D2-BBE2-3861AE985A1C", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*", matchCriteriaId: "D5750264-2990-4942-85F4-DB9746C5CA2B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*", matchCriteriaId: "02352FD8-2A7B-41BD-9E4A-F312ABFDF3EF", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*", matchCriteriaId: "B9173AD6-6658-4267-AAA7-D50D0B657528", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*", matchCriteriaId: "7F02EE9D-45B1-43D6-B05D-6FF19472216B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*", matchCriteriaId: "1C1DBBCD-4C5A-43BB-8FB0-6F1AF99ED0D2", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*", matchCriteriaId: "E306B09C-CB48-4067-B60C-5F738555EEAC", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*", matchCriteriaId: "CD446C51-E713-4E46-8328-0A0477D140D2", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*", matchCriteriaId: "4FF0DD16-D76A-45EA-B01A-20C71AEFA3B4", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*", matchCriteriaId: "4BDD0CEC-4A19-438D-B2A1-8664A1D8F3C4", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.2:*:*:*:*:*:*:*", matchCriteriaId: "89369318-2E83-489F-B872-5F2E247BBF8F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*", matchCriteriaId: "4B7EE7C7-D6C1-4C35-8C80-EAF3FC7E7EFA", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*", matchCriteriaId: "B51FA707-8DB1-4596-9122-D4BFEF17F400", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*", matchCriteriaId: "C04DF35A-1B6F-420A-8D84-74EB41BF3700", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*", matchCriteriaId: "211CC9B2-6108-4C50-AB31-DC527C43053E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.", }, { lang: "es", value: "Múltiples vulnerabilidades en la Interfaz de Usuario Web del Software Cisco IOS XE, podrían permitir a un atacante remoto autenticado con privilegios de solo lectura hacer que el software de la interfaz de usuario web deje de responder y consuma instancias de línea vty, lo que resultará en una condición de denegación de servicio (DoS). Estas vulnerabilidades son debido a un manejo insuficiente de errores en la Interfaz de Usuario Web. Un atacante podría explotar estas vulnerabilidades mediante el envío de paquetes HTTP diseñados a un dispositivo afectado. Una explotación con éxito podría permitir el atacante causar que el software de la interfaz de usuario web deje de responder y consumiera todas las líneas vty disponibles, impidiendo el establecimiento de una nueva sesión y dando como resultado una condición de DoS. Se necesitaría una intervención manual para recuperar la Interfaz de Usuario Web y la funcionalidad de la sesión vty. Nota: estas vulnerabilidades no afectan la conexión de la consola", }, ], id: "CVE-2021-1220", lastModified: "2024-11-21T05:43:51.540", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-24T21:15:11.350", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-202103-0383
Vulnerability from variot
Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection. Cisco IOS XE Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco IOS is an operating system developed for its network equipment. CLI is one of those command line interfaces. SD-WAN Software is one of the software-defined WAN software
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0383", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.1w", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.1.1t", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.1.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.2.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.2.1a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.1a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.1x", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "3.15.1xbs", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.1.1s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.3", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.4a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.1.2", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.2.1r", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.1c", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.1t", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.2t", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.11.2", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.1s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.2s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.2", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.11.1c", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.2.1v", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.11.1a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "3.15.2xbs", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.1z", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.3s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.4", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.1y", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.1.1a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.3a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.11.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.2a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.11.1s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.11.1b", }, { model: "cisco ios xe", scope: "eq", trust: 0.8, vendor: "シスコシステムズ", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-004753", }, { db: "NVD", id: "CVE-2021-1220", }, ], }, cve: "CVE-2021-1220", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "CVE-2021-1220", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 1.9, vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", exploitabilityScore: 6.8, id: "VHN-374274", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.1, vectorString: "AV:N/AC:M/AU:S/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2021-1220", impactScore: 1.4, integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 2, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "Low", baseScore: 4.3, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-1220", impactScore: null, integrityImpact: "None", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-1220", trust: 1, value: "MEDIUM", }, { author: "ykramarz@cisco.com", id: "CVE-2021-1220", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2021-1220", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202103-1432", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-374274", trust: 0.1, value: "LOW", }, { author: "VULMON", id: "CVE-2021-1220", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-374274", }, { db: "VULMON", id: "CVE-2021-1220", }, { db: "JVNDB", id: "JVNDB-2021-004753", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202103-1432", }, { db: "NVD", id: "CVE-2021-1220", }, { db: "NVD", id: "CVE-2021-1220", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection. Cisco IOS XE Is vulnerable to input validation.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco IOS is an operating system developed for its network equipment. CLI is one of those command line interfaces. SD-WAN Software is one of the software-defined WAN software", sources: [ { db: "NVD", id: "CVE-2021-1220", }, { db: "JVNDB", id: "JVNDB-2021-004753", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "VULHUB", id: "VHN-374274", }, { db: "VULMON", id: "CVE-2021-1220", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-1220", trust: 2.6, }, { db: "JVNDB", id: "JVNDB-2021-004753", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-202103-1432", trust: 0.7, }, { db: "CS-HELP", id: "SB2021041363", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, }, { db: "CS-HELP", id: "SB2021042150", trust: 0.6, }, { db: "VULHUB", id: "VHN-374274", trust: 0.1, }, { db: "VULMON", id: "CVE-2021-1220", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-374274", }, { db: "VULMON", id: "CVE-2021-1220", }, { db: "JVNDB", id: "JVNDB-2021-004753", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202103-1432", }, { db: "NVD", id: "CVE-2021-1220", }, ], }, id: "VAR-202103-0383", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-374274", }, ], trust: 0.01, }, last_update_date: "2024-11-23T21:13:12.900000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "cisco-sa-xe-webui-dos-z9yqYQAn", trust: 0.8, url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn", }, { title: "Cisco IOS and IOS XE Enter the fix for the verification error vulnerability", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145076", }, { title: "Cisco: Cisco IOS XE Software Web UI Denial of Service Vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-xe-webui-dos-z9yqYQAn", }, ], sources: [ { db: "VULMON", id: "CVE-2021-1220", }, { db: "JVNDB", id: "JVNDB-2021-004753", }, { db: "CNNVD", id: "CNNVD-202103-1432", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.1, }, { problemtype: "NVD-CWE-noinfo", trust: 1, }, { problemtype: "Incorrect input confirmation (CWE-20) [ Other ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-374274", }, { db: "JVNDB", id: "JVNDB-2021-004753", }, { db: "NVD", id: "CVE-2021-1220", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-xe-webui-dos-z9yqyqan", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-1220", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021041363", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021042150", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/20.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/198709", }, ], sources: [ { db: "VULHUB", id: "VHN-374274", }, { db: "VULMON", id: "CVE-2021-1220", }, { db: "JVNDB", id: "JVNDB-2021-004753", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202103-1432", }, { db: "NVD", id: "CVE-2021-1220", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-374274", }, { db: "VULMON", id: "CVE-2021-1220", }, { db: "JVNDB", id: "JVNDB-2021-004753", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202103-1432", }, { db: "NVD", id: "CVE-2021-1220", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-03-24T00:00:00", db: "VULHUB", id: "VHN-374274", }, { date: "2021-03-24T00:00:00", db: "VULMON", id: "CVE-2021-1220", }, { date: "2021-11-29T00:00:00", db: "JVNDB", id: "JVNDB-2021-004753", }, { date: "2021-04-13T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, { date: "2021-03-24T00:00:00", db: "CNNVD", id: "CNNVD-202103-1432", }, { date: "2021-03-24T21:15:11.350000", db: "NVD", id: "CVE-2021-1220", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-03-29T00:00:00", db: "VULHUB", id: "VHN-374274", }, { date: "2021-03-29T00:00:00", db: "VULMON", id: "CVE-2021-1220", }, { date: "2021-11-29T09:15:00", db: "JVNDB", id: "JVNDB-2021-004753", }, { date: "2021-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, { date: "2021-04-22T00:00:00", db: "CNNVD", id: "CNNVD-202103-1432", }, { date: "2024-11-21T05:43:51.540000", db: "NVD", id: "CVE-2021-1220", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202103-1432", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cisco IOS XE Input confirmation vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2021-004753", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202104-975", }, ], trust: 0.6, }, }
ICSA-21-110-02
Vulnerability from csaf_cisa
Published
2021-04-20 00:00
Modified
2021-04-20 00:00
Summary
ICSA-21-110-02_Rockwell Automation Stratix Switches
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary
Cisco reported these vulnerabilities to Rockwell Automation.
Exploitability
No known public exploits specifically target these vulnerabilities.
{ document: { acknowledgments: [ { organization: "Cisco", summary: "reporting these vulnerabilities to Rockwell Automation", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "summary", text: "Cisco reported these vulnerabilities to Rockwell Automation.", title: "Summary", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "CISAservicedesk@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "ICS Advisory ICSA-21-110-02 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-110-02.json", }, { category: "self", summary: "ICS Advisory ICSA-21-110-02 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-110-02", }, ], title: "ICSA-21-110-02_Rockwell Automation Stratix Switches", tracking: { current_release_date: "2021-04-20T00:00:00.000000Z", generator: { engine: { name: "CISA USCert CSAF Generator", version: "1", }, }, id: "ICSA-21-110-02", initial_release_date: "2021-04-20T00:00:00.000000Z", revision_history: [ { date: "2021-04-20T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-21-110-02 Rockwell Automation Stratix Switches", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 5400: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "Stratix 5400", }, { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 5700: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0002", }, }, ], category: "product_name", name: "Stratix 5700", }, { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 5410: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0003", }, }, ], category: "product_name", name: "Stratix 5410", }, { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 8000: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0004", }, }, ], category: "product_name", name: "Stratix 8000", }, { branches: [ { category: "product_version_range", name: "<= 16.12.01", product: { name: "Stratix 5800: Versions 16.12.01 and earlier", product_id: "CSAFPID-0005", }, }, ], category: "product_name", name: "Stratix 5800", }, ], category: "vendor", name: "Rockwell Automation", }, ], }, vulnerabilities: [ { cve: "CVE-2021-1392", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, notes: [ { category: "summary", text: "A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE software could allow an authenticated attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the affected device as an administrative user.CVE-2021-1392 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1392", }, { cve: "CVE-2021-1403", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "summary", text: "A vulnerability in the web UI feature of Cisco IOS XE software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial-of-service condition on an affected device.CVE-2021-1403 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1403", }, { cve: "CVE-2021-1352", cwe: { id: "CWE-823", name: "Use of Out-of-range Pointer Offset", }, notes: [ { category: "summary", text: "A vulnerability in the DECnet protocol processing of Cisco IOS XE software could allow an unauthenticated, adjacent attacker to cause a denial-of-service condition on an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial-of-service condition. This vulnerability affects Stratix 5800 devices if they are running a vulnerable release of Cisco IOS XE software and have the DECnet protocol enabled. DECnet is not enabled by default. CVE-2021-1352 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1403", }, { cve: "CVE-2021-1442", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, notes: [ { category: "summary", text: "A vulnerability in the Stratix 5800 switches could allow an unauthenticated, physical attacker to execute persistent code at boot time and break the chain of trust. CVE-2021-1452 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1403", }, { cve: "CVE-2021-1452", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "summary", text: "A vulnerability in a diagnostic command for the Plug and Play (PnP) subsystem of Cisco IOS XE software could allow an authenticated, local attacker to elevate privileges to the level of an administrator on an affected Stratix 5800. Plug-and-Play is disabled after Express Setup has completed.CVE-2021-1442 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1452", }, { cve: "CVE-2021-1443", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "A vulnerability in the Stratix 5800 switches could allow an unauthenticated, physical attacker to execute persistent code at boot time and break the chain of trust.CVE-2021-1452 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1443", }, { cve: "CVE-2021-1220", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A vulnerability in the web UI of the IOS XE software could allow a remote, authenticated attacker to execute arbitrary code with root privileges on the underlying operating system of the affected device. To exploit this vulnerability, an attacker would need to have admin credentials to the device.CVE-2021-1443 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1220", }, ], }
icsa-21-110-02
Vulnerability from csaf_cisa
Published
2021-04-20 00:00
Modified
2021-04-20 00:00
Summary
ICSA-21-110-02_Rockwell Automation Stratix Switches
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary
Cisco reported these vulnerabilities to Rockwell Automation.
Exploitability
No known public exploits specifically target these vulnerabilities.
{ document: { acknowledgments: [ { organization: "Cisco", summary: "reporting these vulnerabilities to Rockwell Automation", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "summary", text: "Cisco reported these vulnerabilities to Rockwell Automation.", title: "Summary", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "CISAservicedesk@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "ICS Advisory ICSA-21-110-02 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-110-02.json", }, { category: "self", summary: "ICS Advisory ICSA-21-110-02 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-110-02", }, ], title: "ICSA-21-110-02_Rockwell Automation Stratix Switches", tracking: { current_release_date: "2021-04-20T00:00:00.000000Z", generator: { engine: { name: "CISA USCert CSAF Generator", version: "1", }, }, id: "ICSA-21-110-02", initial_release_date: "2021-04-20T00:00:00.000000Z", revision_history: [ { date: "2021-04-20T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-21-110-02 Rockwell Automation Stratix Switches", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 5400: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "Stratix 5400", }, { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 5700: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0002", }, }, ], category: "product_name", name: "Stratix 5700", }, { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 5410: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0003", }, }, ], category: "product_name", name: "Stratix 5410", }, { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 8000: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0004", }, }, ], category: "product_name", name: "Stratix 8000", }, { branches: [ { category: "product_version_range", name: "<= 16.12.01", product: { name: "Stratix 5800: Versions 16.12.01 and earlier", product_id: "CSAFPID-0005", }, }, ], category: "product_name", name: "Stratix 5800", }, ], category: "vendor", name: "Rockwell Automation", }, ], }, vulnerabilities: [ { cve: "CVE-2021-1392", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, notes: [ { category: "summary", text: "A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE software could allow an authenticated attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the affected device as an administrative user.CVE-2021-1392 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1392", }, { cve: "CVE-2021-1403", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "summary", text: "A vulnerability in the web UI feature of Cisco IOS XE software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial-of-service condition on an affected device.CVE-2021-1403 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1403", }, { cve: "CVE-2021-1352", cwe: { id: "CWE-823", name: "Use of Out-of-range Pointer Offset", }, notes: [ { category: "summary", text: "A vulnerability in the DECnet protocol processing of Cisco IOS XE software could allow an unauthenticated, adjacent attacker to cause a denial-of-service condition on an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial-of-service condition. This vulnerability affects Stratix 5800 devices if they are running a vulnerable release of Cisco IOS XE software and have the DECnet protocol enabled. DECnet is not enabled by default. CVE-2021-1352 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1403", }, { cve: "CVE-2021-1442", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, notes: [ { category: "summary", text: "A vulnerability in the Stratix 5800 switches could allow an unauthenticated, physical attacker to execute persistent code at boot time and break the chain of trust. CVE-2021-1452 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1403", }, { cve: "CVE-2021-1452", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "summary", text: "A vulnerability in a diagnostic command for the Plug and Play (PnP) subsystem of Cisco IOS XE software could allow an authenticated, local attacker to elevate privileges to the level of an administrator on an affected Stratix 5800. Plug-and-Play is disabled after Express Setup has completed.CVE-2021-1442 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1452", }, { cve: "CVE-2021-1443", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "A vulnerability in the Stratix 5800 switches could allow an unauthenticated, physical attacker to execute persistent code at boot time and break the chain of trust.CVE-2021-1452 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1443", }, { cve: "CVE-2021-1220", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A vulnerability in the web UI of the IOS XE software could allow a remote, authenticated attacker to execute arbitrary code with root privileges on the underlying operating system of the affected device. To exploit this vulnerability, an attacker would need to have admin credentials to the device.CVE-2021-1443 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1220", }, ], }
cisco-sa-xe-webui-dos-z9yqyqan
Vulnerability from csaf_cisco
Published
2021-03-24 16:00
Modified
2021-03-24 16:00
Summary
Cisco IOS XE Software Web UI Denial of Service Vulnerabilities
Notes
Summary
Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition.
These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality.
Note: These vulnerabilities do not affect the console connection.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Vulnerable Products
At the time of publication, these vulnerabilities affected Cisco devices if they were running a vulnerable release of Cisco IOS XE Software and had the HTTP Server feature enabled. The default state of the HTTP Server feature in Cisco IOS XE Software is version and platform dependent.
For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.
Determine the HTTP Server Configuration
To determine whether the HTTP Server feature is enabled for a device, log in to the device and use the show running-config | include ip http server|secure|active command in the CLI to check for the presence of the ip http server command or the ip http secure-server command in the global configuration. If either command is present and configured, the HTTP Server feature is enabled for the device.
The following example shows the output of the show running-config | include ip http server|secure|active command for a device that has the HTTP Server feature enabled:
Router# show running-config | include ip http server|secure|active
ip http server
ip http secure-server
Note: The presence of either command or both commands in the device configuration indicates that the web UI feature is enabled.
If the ip http server command is present and the configuration also contains ip http active-session-modules none, these vulnerabilities are not exploitable over HTTP.
If the ip http secure-server command is present and the configuration also contains ip http secure-active-session-modules none, these vulnerabilities are not exploitable over HTTPS.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by these vulnerabilities.
Cisco has confirmed that these vulnerabilities do not affect the following Cisco products:
IOS Software
IOS XR Software
NX-OS Software
Indicators of Compromise
Unexpected idle vty sessions may be an indicator that these vulnerabilities have been exploited. Use the show user command to display console and vty sessions. The initial session that causes these vulnerabilities could appear as an idle vty connection with a valid username, such as user1 in the examples below. If the attack persists, additional idle vty sessions will be displayed in the Host(s) column as HTTP CP. The following example shows output from the show user command on a device that has been compromised:
eWLC#show user
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 user1 idle 00:31:45
3 vty 1 HTTP CP 00:47:15
4 vty 2 HTTP CP 00:47:15
If the web UI is not responding and unexpected idle vty sessions are identified, the administrator may be able to clear these lines. Use the Idle time as an indicator and not the Host(s) value. Start at the first idle vty session and clear each line in succession until all have been cleared. All idle lines must be cleared before any listed sessions will disappear from the list. Once the last session is cleared, all of these vty lines should be freed.
Use the clear line x command to clear the idle vty sessions. The vty line is the left-most number. In this example, the CLI command clear line 2 will clear the user1 user session:
eWLC#clear line 2
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 user1 idle 00:31:45
3 vty 1 HTTP CP 00:47:15
4 vty 2 HTTP CP 00:47:15
If the vty lines cannot be cleared, the device may need to be reloaded in order to restore the web UI and vty session functionality.
Workarounds
There are no workarounds that address these vulnerabilities.
Disabling the HTTP Server feature eliminates the attack vector for these vulnerabilities and may be a suitable mitigation until affected devices can be upgraded. To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode. If both the HTTP server and HTTPS server are in use, both commands are required to disable the HTTP Server feature.
While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.
Fixed Software
When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Cisco IOS and IOS XE Software
To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] to identify any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (“Combined First Fixed”).
Customers can use the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] to search advisories in the following ways:
Choose the software and one or more releases
Upload a .txt file that includes a list of specific releases
Enter the output of the show version command
After initiating a search, customers can customize the search to include all Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication.
Customers can also use the following form to determine whether a release is affected by any Cisco Security Advisory by entering a Cisco IOS or IOS XE Software release—for example, 15.1(4)M2 or 3.13.8S:
By default, the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, customers can use the Cisco Software Checker on Cisco.com and check the Medium check box in the drop-down list under Impact Rating when customizing a search.
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
Source
Cisco would like to thank Marcin Kopec, Fabian Beck, and Jiri Kulda from Deutsche Telekom for reporting these vulnerabilities.
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
{ document: { acknowledgments: [ { summary: "Cisco would like to thank Marcin Kopec, Fabian Beck, and Jiri Kulda from Deutsche Telekom for reporting these vulnerabilities.", }, ], category: "csaf_security_advisory", csaf_version: "2.0", notes: [ { category: "summary", text: "Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition.\r\n\r\nThese vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality.\r\n\r\nNote: These vulnerabilities do not affect the console connection.\r\n\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\r\n\r\n", title: "Summary", }, { category: "general", text: "At the time of publication, these vulnerabilities affected Cisco devices if they were running a vulnerable release of Cisco IOS XE Software and had the HTTP Server feature enabled. The default state of the HTTP Server feature in Cisco IOS XE Software is version and platform dependent.\r\n\r\nFor information about which Cisco software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory.\r\n Determine the HTTP Server Configuration\r\nTo determine whether the HTTP Server feature is enabled for a device, log in to the device and use the show running-config | include ip http server|secure|active command in the CLI to check for the presence of the ip http server command or the ip http secure-server command in the global configuration. If either command is present and configured, the HTTP Server feature is enabled for the device.\r\n\r\nThe following example shows the output of the show running-config | include ip http server|secure|active command for a device that has the HTTP Server feature enabled:\r\n\r\n\r\nRouter# show running-config | include ip http server|secure|active\r\nip http server\r\nip http secure-server\r\n\r\nNote: The presence of either command or both commands in the device configuration indicates that the web UI feature is enabled.\r\n\r\nIf the ip http server command is present and the configuration also contains ip http active-session-modules none, these vulnerabilities are not exploitable over HTTP.\r\n\r\nIf the ip http secure-server command is present and the configuration also contains ip http secure-active-session-modules none, these vulnerabilities are not exploitable over HTTPS.", title: "Vulnerable Products", }, { category: "general", text: "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by these vulnerabilities.\r\n\r\nCisco has confirmed that these vulnerabilities do not affect the following Cisco products:\r\n\r\nIOS Software\r\nIOS XR Software\r\nNX-OS Software", title: "Products Confirmed Not Vulnerable", }, { category: "general", text: "Unexpected idle vty sessions may be an indicator that these vulnerabilities have been exploited. Use the show user command to display console and vty sessions. The initial session that causes these vulnerabilities could appear as an idle vty connection with a valid username, such as user1 in the examples below. If the attack persists, additional idle vty sessions will be displayed in the Host(s) column as HTTP CP. The following example shows output from the show user command on a device that has been compromised:\r\n\r\n\r\neWLC#show user\r\n Line User Host(s) Idle Location\r\n* 0 con 0 idle 00:00:00\r\n 2 vty 0 user1 idle 00:31:45\r\n 3 vty 1 HTTP CP 00:47:15\r\n 4 vty 2 HTTP CP 00:47:15\r\n\r\nIf the web UI is not responding and unexpected idle vty sessions are identified, the administrator may be able to clear these lines. Use the Idle time as an indicator and not the Host(s) value. Start at the first idle vty session and clear each line in succession until all have been cleared. All idle lines must be cleared before any listed sessions will disappear from the list. Once the last session is cleared, all of these vty lines should be freed.\r\n\r\nUse the clear line x command to clear the idle vty sessions. The vty line is the left-most number. In this example, the CLI command clear line 2 will clear the user1 user session:\r\n\r\n\r\neWLC#clear line 2\r\n Line User Host(s) Idle Location\r\n* 0 con 0 idle 00:00:00\r\n 2 vty 0 user1 idle 00:31:45\r\n 3 vty 1 HTTP CP 00:47:15\r\n 4 vty 2 HTTP CP 00:47:15\r\n\r\nIf the vty lines cannot be cleared, the device may need to be reloaded in order to restore the web UI and vty session functionality.", title: "Indicators of Compromise", }, { category: "general", text: "There are no workarounds that address these vulnerabilities.\r\n\r\nDisabling the HTTP Server feature eliminates the attack vector for these vulnerabilities and may be a suitable mitigation until affected devices can be upgraded. To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode. If both the HTTP server and HTTPS server are in use, both commands are required to disable the HTTP Server feature.\r\n\r\nWhile this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.", title: "Workarounds", }, { category: "general", text: "When considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n Cisco IOS and IOS XE Software\r\nTo help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] to identify any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (“Combined First Fixed”).\r\n\r\nCustomers can use the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] to search advisories in the following ways:\r\n\r\nChoose the software and one or more releases\r\nUpload a .txt file that includes a list of specific releases\r\nEnter the output of the show version command\r\n\r\nAfter initiating a search, customers can customize the search to include all Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication.\r\n\r\nCustomers can also use the following form to determine whether a release is affected by any Cisco Security Advisory by entering a Cisco IOS or IOS XE Software release—for example, 15.1(4)M2 or 3.13.8S:\r\n\r\n\r\n\r\nBy default, the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, customers can use the Cisco Software Checker on Cisco.com and check the Medium check box in the drop-down list under Impact Rating when customizing a search.", title: "Fixed Software", }, { category: "general", text: "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.", title: "Vulnerability Policy", }, { category: "general", text: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", title: "Exploitation and Public Announcements", }, { category: "general", text: "Cisco would like to thank Marcin Kopec, Fabian Beck, and Jiri Kulda from Deutsche Telekom for reporting these vulnerabilities.", title: "Source", }, { category: "legal_disclaimer", text: "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.", title: "Legal Disclaimer", }, ], publisher: { category: "vendor", contact_details: "psirt@cisco.com", issuing_authority: "Cisco PSIRT", name: "Cisco", namespace: "https://wwww.cisco.com", }, references: [ { category: "self", summary: "Cisco IOS XE Software Web UI Denial of Service Vulnerabilities", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn", }, { category: "external", summary: "Cisco Security Vulnerability Policy", url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html", }, { category: "external", summary: "considering software upgrades", url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes", }, { category: "external", summary: "Cisco Security Advisories page", url: "https://www.cisco.com/go/psirt", }, { category: "external", summary: "Cisco Software Checker", url: "https://sec.cloudapps.cisco.com/security/center/softwarechecker.x", }, ], title: "Cisco IOS XE Software Web UI Denial of Service Vulnerabilities", tracking: { current_release_date: "2021-03-24T16:00:00+00:00", generator: { date: "2024-05-10T23:01:07+00:00", engine: { name: "TVCE", }, }, id: "cisco-sa-xe-webui-dos-z9yqYQAn", initial_release_date: "2021-03-24T16:00:00+00:00", revision_history: [ { date: "2021-03-24T15:30:37+00:00", number: "1.0.0", summary: "Initial public release.", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { branches: [ { branches: [ { category: "service_pack", name: "16.11.1", product: { name: "16.11.1", product_id: "CSAFPID-227918", }, }, { category: "service_pack", name: "16.11.1a", product: { name: "16.11.1a", product_id: "CSAFPID-252271", }, }, { category: "service_pack", name: "16.11.1b", product: { name: "16.11.1b", product_id: "CSAFPID-260741", }, }, { category: "service_pack", name: "16.11.2", product: { name: "16.11.2", product_id: "CSAFPID-261240", }, }, { category: "service_pack", name: "16.11.1s", product: { name: "16.11.1s", product_id: "CSAFPID-261465", }, }, { category: "service_pack", name: "16.11.1c", product: { name: "16.11.1c", product_id: "CSAFPID-264096", }, }, ], category: "product_version", name: "16.11", }, { branches: [ { category: "service_pack", name: "16.12.1", product: { name: "16.12.1", product_id: "CSAFPID-227920", }, }, { category: "service_pack", name: "16.12.1s", product: { name: "16.12.1s", product_id: "CSAFPID-265735", }, }, { category: "service_pack", name: "16.12.1a", product: { name: "16.12.1a", product_id: "CSAFPID-265841", }, }, { category: "service_pack", name: "16.12.1c", product: { name: "16.12.1c", product_id: "CSAFPID-267110", }, }, { category: "service_pack", name: "16.12.1w", product: { name: "16.12.1w", product_id: "CSAFPID-267240", }, }, { category: "service_pack", name: "16.12.2", product: { name: "16.12.2", product_id: "CSAFPID-267605", }, }, { category: "service_pack", name: "16.12.1y", product: { name: "16.12.1y", product_id: "CSAFPID-271938", }, }, { category: "service_pack", name: "16.12.2a", product: { name: "16.12.2a", product_id: "CSAFPID-272047", }, }, { category: "service_pack", name: "16.12.3", product: { name: "16.12.3", product_id: "CSAFPID-273445", }, }, { category: "service_pack", name: "16.12.2s", product: { name: "16.12.2s", product_id: "CSAFPID-273509", }, }, { category: "service_pack", name: "16.12.1x", product: { name: "16.12.1x", product_id: "CSAFPID-273649", }, }, { category: "service_pack", name: "16.12.1t", product: { name: "16.12.1t", product_id: "CSAFPID-274832", }, }, { category: "service_pack", name: "16.12.2t", product: { name: "16.12.2t", product_id: "CSAFPID-275538", }, }, { category: "service_pack", name: "16.12.4", product: { name: "16.12.4", product_id: "CSAFPID-277147", }, }, { category: "service_pack", name: "16.12.3s", product: { name: "16.12.3s", product_id: "CSAFPID-277255", }, }, { category: "service_pack", name: "16.12.1z", product: { name: "16.12.1z", product_id: "CSAFPID-277256", }, }, { category: "service_pack", name: "16.12.3a", product: { name: "16.12.3a", product_id: "CSAFPID-277321", }, }, { category: "service_pack", name: "16.12.4a", product: { name: "16.12.4a", product_id: "CSAFPID-278881", }, }, ], category: "product_version", name: "16.12", }, { branches: [ { category: "service_pack", name: "17.1.1", product: { name: "17.1.1", product_id: "CSAFPID-245377", }, }, { category: "service_pack", name: "17.1.1a", product: { name: "17.1.1a", product_id: "CSAFPID-272932", }, }, { category: "service_pack", name: "17.1.1s", product: { name: "17.1.1s", product_id: "CSAFPID-274818", }, }, { category: "service_pack", name: "17.1.2", product: { name: "17.1.2", product_id: "CSAFPID-277338", }, }, { category: "service_pack", name: "17.1.1t", product: { name: "17.1.1t", product_id: "CSAFPID-277348", }, }, ], category: "product_version", name: "17.1", }, { branches: [ { category: "service_pack", name: "17.2.1", product: { name: "17.2.1", product_id: "CSAFPID-251225", }, }, { category: "service_pack", name: "17.2.1r", product: { name: "17.2.1r", product_id: "CSAFPID-277194", }, }, { category: "service_pack", name: "17.2.1a", product: { name: "17.2.1a", product_id: "CSAFPID-277343", }, }, { category: "service_pack", name: "17.2.1v", product: { name: "17.2.1v", product_id: "CSAFPID-278002", }, }, { category: "service_pack", name: "17.2.2", product: { name: "17.2.2", product_id: "CSAFPID-278504", }, }, ], category: "product_version", name: "17.2", }, ], category: "product_family", name: "Cisco IOS XE Software", }, ], category: "vendor", name: "Cisco", }, ], }, vulnerabilities: [ { cve: "CVE-2021-1220", ids: [ { system_name: "Cisco Bug ID", text: "CSCvu99729", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-227918", "CSAFPID-227920", "CSAFPID-245377", "CSAFPID-251225", "CSAFPID-252271", "CSAFPID-260741", "CSAFPID-261240", "CSAFPID-261465", "CSAFPID-264096", "CSAFPID-265735", "CSAFPID-265841", "CSAFPID-267110", "CSAFPID-267240", "CSAFPID-267605", "CSAFPID-271938", "CSAFPID-272047", "CSAFPID-272932", "CSAFPID-273445", "CSAFPID-273509", "CSAFPID-273649", "CSAFPID-274818", "CSAFPID-274832", "CSAFPID-275538", "CSAFPID-277147", "CSAFPID-277194", "CSAFPID-277255", "CSAFPID-277256", "CSAFPID-277321", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-278002", "CSAFPID-278881", ], }, release_date: "2021-03-24T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-227918", "CSAFPID-227920", "CSAFPID-245377", "CSAFPID-251225", "CSAFPID-252271", "CSAFPID-260741", "CSAFPID-261240", "CSAFPID-261465", "CSAFPID-264096", "CSAFPID-265735", "CSAFPID-265841", "CSAFPID-267110", "CSAFPID-267240", "CSAFPID-267605", "CSAFPID-271938", "CSAFPID-272047", "CSAFPID-272932", "CSAFPID-273445", "CSAFPID-273509", "CSAFPID-273649", "CSAFPID-274818", "CSAFPID-274832", "CSAFPID-275538", "CSAFPID-277147", "CSAFPID-277194", "CSAFPID-277255", "CSAFPID-277256", "CSAFPID-277321", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-278002", "CSAFPID-278881", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-227918", "CSAFPID-227920", "CSAFPID-245377", "CSAFPID-251225", "CSAFPID-252271", "CSAFPID-260741", "CSAFPID-261240", "CSAFPID-261465", "CSAFPID-264096", "CSAFPID-265735", "CSAFPID-265841", "CSAFPID-267110", "CSAFPID-267240", "CSAFPID-267605", "CSAFPID-271938", "CSAFPID-272047", "CSAFPID-272932", "CSAFPID-273445", "CSAFPID-273509", "CSAFPID-273649", "CSAFPID-274818", "CSAFPID-274832", "CSAFPID-275538", "CSAFPID-277147", "CSAFPID-277194", "CSAFPID-277255", "CSAFPID-277256", "CSAFPID-277321", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-278002", "CSAFPID-278881", ], }, ], title: "Cisco IOS XE Software Web Management Framework Denial of Service Vulnerability", }, { cve: "CVE-2021-1356", ids: [ { system_name: "Cisco Bug ID", text: "CSCvu94117", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-245377", "CSAFPID-251225", "CSAFPID-272932", "CSAFPID-274818", "CSAFPID-277194", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-278002", "CSAFPID-278504", ], }, release_date: "2021-03-24T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-245377", "CSAFPID-251225", "CSAFPID-272932", "CSAFPID-274818", "CSAFPID-277194", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-278002", "CSAFPID-278504", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-245377", "CSAFPID-251225", "CSAFPID-272932", "CSAFPID-274818", "CSAFPID-277194", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-278002", "CSAFPID-278504", ], }, ], title: "Cisco IOS XE Software Web Management Framework Denial of Service Vulnerability", }, ], }
cisco-sa-xe-webui-dos-z9yqYQAn
Vulnerability from csaf_cisco
Published
2021-03-24 16:00
Modified
2021-03-24 16:00
Summary
Cisco IOS XE Software Web UI Denial of Service Vulnerabilities
Notes
Summary
Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition.
These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality.
Note: These vulnerabilities do not affect the console connection.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Vulnerable Products
At the time of publication, these vulnerabilities affected Cisco devices if they were running a vulnerable release of Cisco IOS XE Software and had the HTTP Server feature enabled. The default state of the HTTP Server feature in Cisco IOS XE Software is version and platform dependent.
For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.
Determine the HTTP Server Configuration
To determine whether the HTTP Server feature is enabled for a device, log in to the device and use the show running-config | include ip http server|secure|active command in the CLI to check for the presence of the ip http server command or the ip http secure-server command in the global configuration. If either command is present and configured, the HTTP Server feature is enabled for the device.
The following example shows the output of the show running-config | include ip http server|secure|active command for a device that has the HTTP Server feature enabled:
Router# show running-config | include ip http server|secure|active
ip http server
ip http secure-server
Note: The presence of either command or both commands in the device configuration indicates that the web UI feature is enabled.
If the ip http server command is present and the configuration also contains ip http active-session-modules none, these vulnerabilities are not exploitable over HTTP.
If the ip http secure-server command is present and the configuration also contains ip http secure-active-session-modules none, these vulnerabilities are not exploitable over HTTPS.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by these vulnerabilities.
Cisco has confirmed that these vulnerabilities do not affect the following Cisco products:
IOS Software
IOS XR Software
NX-OS Software
Indicators of Compromise
Unexpected idle vty sessions may be an indicator that these vulnerabilities have been exploited. Use the show user command to display console and vty sessions. The initial session that causes these vulnerabilities could appear as an idle vty connection with a valid username, such as user1 in the examples below. If the attack persists, additional idle vty sessions will be displayed in the Host(s) column as HTTP CP. The following example shows output from the show user command on a device that has been compromised:
eWLC#show user
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 user1 idle 00:31:45
3 vty 1 HTTP CP 00:47:15
4 vty 2 HTTP CP 00:47:15
If the web UI is not responding and unexpected idle vty sessions are identified, the administrator may be able to clear these lines. Use the Idle time as an indicator and not the Host(s) value. Start at the first idle vty session and clear each line in succession until all have been cleared. All idle lines must be cleared before any listed sessions will disappear from the list. Once the last session is cleared, all of these vty lines should be freed.
Use the clear line x command to clear the idle vty sessions. The vty line is the left-most number. In this example, the CLI command clear line 2 will clear the user1 user session:
eWLC#clear line 2
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 user1 idle 00:31:45
3 vty 1 HTTP CP 00:47:15
4 vty 2 HTTP CP 00:47:15
If the vty lines cannot be cleared, the device may need to be reloaded in order to restore the web UI and vty session functionality.
Workarounds
There are no workarounds that address these vulnerabilities.
Disabling the HTTP Server feature eliminates the attack vector for these vulnerabilities and may be a suitable mitigation until affected devices can be upgraded. To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode. If both the HTTP server and HTTPS server are in use, both commands are required to disable the HTTP Server feature.
While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.
Fixed Software
When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Cisco IOS and IOS XE Software
To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] to identify any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (“Combined First Fixed”).
Customers can use the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] to search advisories in the following ways:
Choose the software and one or more releases
Upload a .txt file that includes a list of specific releases
Enter the output of the show version command
After initiating a search, customers can customize the search to include all Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication.
Customers can also use the following form to determine whether a release is affected by any Cisco Security Advisory by entering a Cisco IOS or IOS XE Software release—for example, 15.1(4)M2 or 3.13.8S:
By default, the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, customers can use the Cisco Software Checker on Cisco.com and check the Medium check box in the drop-down list under Impact Rating when customizing a search.
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
Source
Cisco would like to thank Marcin Kopec, Fabian Beck, and Jiri Kulda from Deutsche Telekom for reporting these vulnerabilities.
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
{ document: { acknowledgments: [ { summary: "Cisco would like to thank Marcin Kopec, Fabian Beck, and Jiri Kulda from Deutsche Telekom for reporting these vulnerabilities.", }, ], category: "csaf_security_advisory", csaf_version: "2.0", notes: [ { category: "summary", text: "Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition.\r\n\r\nThese vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality.\r\n\r\nNote: These vulnerabilities do not affect the console connection.\r\n\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\r\n\r\n", title: "Summary", }, { category: "general", text: "At the time of publication, these vulnerabilities affected Cisco devices if they were running a vulnerable release of Cisco IOS XE Software and had the HTTP Server feature enabled. The default state of the HTTP Server feature in Cisco IOS XE Software is version and platform dependent.\r\n\r\nFor information about which Cisco software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory.\r\n Determine the HTTP Server Configuration\r\nTo determine whether the HTTP Server feature is enabled for a device, log in to the device and use the show running-config | include ip http server|secure|active command in the CLI to check for the presence of the ip http server command or the ip http secure-server command in the global configuration. If either command is present and configured, the HTTP Server feature is enabled for the device.\r\n\r\nThe following example shows the output of the show running-config | include ip http server|secure|active command for a device that has the HTTP Server feature enabled:\r\n\r\n\r\nRouter# show running-config | include ip http server|secure|active\r\nip http server\r\nip http secure-server\r\n\r\nNote: The presence of either command or both commands in the device configuration indicates that the web UI feature is enabled.\r\n\r\nIf the ip http server command is present and the configuration also contains ip http active-session-modules none, these vulnerabilities are not exploitable over HTTP.\r\n\r\nIf the ip http secure-server command is present and the configuration also contains ip http secure-active-session-modules none, these vulnerabilities are not exploitable over HTTPS.", title: "Vulnerable Products", }, { category: "general", text: "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by these vulnerabilities.\r\n\r\nCisco has confirmed that these vulnerabilities do not affect the following Cisco products:\r\n\r\nIOS Software\r\nIOS XR Software\r\nNX-OS Software", title: "Products Confirmed Not Vulnerable", }, { category: "general", text: "Unexpected idle vty sessions may be an indicator that these vulnerabilities have been exploited. Use the show user command to display console and vty sessions. The initial session that causes these vulnerabilities could appear as an idle vty connection with a valid username, such as user1 in the examples below. If the attack persists, additional idle vty sessions will be displayed in the Host(s) column as HTTP CP. The following example shows output from the show user command on a device that has been compromised:\r\n\r\n\r\neWLC#show user\r\n Line User Host(s) Idle Location\r\n* 0 con 0 idle 00:00:00\r\n 2 vty 0 user1 idle 00:31:45\r\n 3 vty 1 HTTP CP 00:47:15\r\n 4 vty 2 HTTP CP 00:47:15\r\n\r\nIf the web UI is not responding and unexpected idle vty sessions are identified, the administrator may be able to clear these lines. Use the Idle time as an indicator and not the Host(s) value. Start at the first idle vty session and clear each line in succession until all have been cleared. All idle lines must be cleared before any listed sessions will disappear from the list. Once the last session is cleared, all of these vty lines should be freed.\r\n\r\nUse the clear line x command to clear the idle vty sessions. The vty line is the left-most number. In this example, the CLI command clear line 2 will clear the user1 user session:\r\n\r\n\r\neWLC#clear line 2\r\n Line User Host(s) Idle Location\r\n* 0 con 0 idle 00:00:00\r\n 2 vty 0 user1 idle 00:31:45\r\n 3 vty 1 HTTP CP 00:47:15\r\n 4 vty 2 HTTP CP 00:47:15\r\n\r\nIf the vty lines cannot be cleared, the device may need to be reloaded in order to restore the web UI and vty session functionality.", title: "Indicators of Compromise", }, { category: "general", text: "There are no workarounds that address these vulnerabilities.\r\n\r\nDisabling the HTTP Server feature eliminates the attack vector for these vulnerabilities and may be a suitable mitigation until affected devices can be upgraded. To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode. If both the HTTP server and HTTPS server are in use, both commands are required to disable the HTTP Server feature.\r\n\r\nWhile this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.", title: "Workarounds", }, { category: "general", text: "When considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n Cisco IOS and IOS XE Software\r\nTo help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] to identify any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (“Combined First Fixed”).\r\n\r\nCustomers can use the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] to search advisories in the following ways:\r\n\r\nChoose the software and one or more releases\r\nUpload a .txt file that includes a list of specific releases\r\nEnter the output of the show version command\r\n\r\nAfter initiating a search, customers can customize the search to include all Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication.\r\n\r\nCustomers can also use the following form to determine whether a release is affected by any Cisco Security Advisory by entering a Cisco IOS or IOS XE Software release—for example, 15.1(4)M2 or 3.13.8S:\r\n\r\n\r\n\r\nBy default, the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, customers can use the Cisco Software Checker on Cisco.com and check the Medium check box in the drop-down list under Impact Rating when customizing a search.", title: "Fixed Software", }, { category: "general", text: "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.", title: "Vulnerability Policy", }, { category: "general", text: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.", title: "Exploitation and Public Announcements", }, { category: "general", text: "Cisco would like to thank Marcin Kopec, Fabian Beck, and Jiri Kulda from Deutsche Telekom for reporting these vulnerabilities.", title: "Source", }, { category: "legal_disclaimer", text: "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.", title: "Legal Disclaimer", }, ], publisher: { category: "vendor", contact_details: "psirt@cisco.com", issuing_authority: "Cisco PSIRT", name: "Cisco", namespace: "https://wwww.cisco.com", }, references: [ { category: "self", summary: "Cisco IOS XE Software Web UI Denial of Service Vulnerabilities", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn", }, { category: "external", summary: "Cisco Security Vulnerability Policy", url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html", }, { category: "external", summary: "considering software upgrades", url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes", }, { category: "external", summary: "Cisco Security Advisories page", url: "https://www.cisco.com/go/psirt", }, { category: "external", summary: "Cisco Software Checker", url: "https://sec.cloudapps.cisco.com/security/center/softwarechecker.x", }, ], title: "Cisco IOS XE Software Web UI Denial of Service Vulnerabilities", tracking: { current_release_date: "2021-03-24T16:00:00+00:00", generator: { date: "2024-05-10T23:01:07+00:00", engine: { name: "TVCE", }, }, id: "cisco-sa-xe-webui-dos-z9yqYQAn", initial_release_date: "2021-03-24T16:00:00+00:00", revision_history: [ { date: "2021-03-24T15:30:37+00:00", number: "1.0.0", summary: "Initial public release.", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { branches: [ { branches: [ { category: "service_pack", name: "16.11.1", product: { name: "16.11.1", product_id: "CSAFPID-227918", }, }, { category: "service_pack", name: "16.11.1a", product: { name: "16.11.1a", product_id: "CSAFPID-252271", }, }, { category: "service_pack", name: "16.11.1b", product: { name: "16.11.1b", product_id: "CSAFPID-260741", }, }, { category: "service_pack", name: "16.11.2", product: { name: "16.11.2", product_id: "CSAFPID-261240", }, }, { category: "service_pack", name: "16.11.1s", product: { name: "16.11.1s", product_id: "CSAFPID-261465", }, }, { category: "service_pack", name: "16.11.1c", product: { name: "16.11.1c", product_id: "CSAFPID-264096", }, }, ], category: "product_version", name: "16.11", }, { branches: [ { category: "service_pack", name: "16.12.1", product: { name: "16.12.1", product_id: "CSAFPID-227920", }, }, { category: "service_pack", name: "16.12.1s", product: { name: "16.12.1s", product_id: "CSAFPID-265735", }, }, { category: "service_pack", name: "16.12.1a", product: { name: "16.12.1a", product_id: "CSAFPID-265841", }, }, { category: "service_pack", name: "16.12.1c", product: { name: "16.12.1c", product_id: "CSAFPID-267110", }, }, { category: "service_pack", name: "16.12.1w", product: { name: "16.12.1w", product_id: "CSAFPID-267240", }, }, { category: "service_pack", name: "16.12.2", product: { name: "16.12.2", product_id: "CSAFPID-267605", }, }, { category: "service_pack", name: "16.12.1y", product: { name: "16.12.1y", product_id: "CSAFPID-271938", }, }, { category: "service_pack", name: "16.12.2a", product: { name: "16.12.2a", product_id: "CSAFPID-272047", }, }, { category: "service_pack", name: "16.12.3", product: { name: "16.12.3", product_id: "CSAFPID-273445", }, }, { category: "service_pack", name: "16.12.2s", product: { name: "16.12.2s", product_id: "CSAFPID-273509", }, }, { category: "service_pack", name: "16.12.1x", product: { name: "16.12.1x", product_id: "CSAFPID-273649", }, }, { category: "service_pack", name: "16.12.1t", product: { name: "16.12.1t", product_id: "CSAFPID-274832", }, }, { category: "service_pack", name: "16.12.2t", product: { name: "16.12.2t", product_id: "CSAFPID-275538", }, }, { category: "service_pack", name: "16.12.4", product: { name: "16.12.4", product_id: "CSAFPID-277147", }, }, { category: "service_pack", name: "16.12.3s", product: { name: "16.12.3s", product_id: "CSAFPID-277255", }, }, { category: "service_pack", name: "16.12.1z", product: { name: "16.12.1z", product_id: "CSAFPID-277256", }, }, { category: "service_pack", name: "16.12.3a", product: { name: "16.12.3a", product_id: "CSAFPID-277321", }, }, { category: "service_pack", name: "16.12.4a", product: { name: "16.12.4a", product_id: "CSAFPID-278881", }, }, ], category: "product_version", name: "16.12", }, { branches: [ { category: "service_pack", name: "17.1.1", product: { name: "17.1.1", product_id: "CSAFPID-245377", }, }, { category: "service_pack", name: "17.1.1a", product: { name: "17.1.1a", product_id: "CSAFPID-272932", }, }, { category: "service_pack", name: "17.1.1s", product: { name: "17.1.1s", product_id: "CSAFPID-274818", }, }, { category: "service_pack", name: "17.1.2", product: { name: "17.1.2", product_id: "CSAFPID-277338", }, }, { category: "service_pack", name: "17.1.1t", product: { name: "17.1.1t", product_id: "CSAFPID-277348", }, }, ], category: "product_version", name: "17.1", }, { branches: [ { category: "service_pack", name: "17.2.1", product: { name: "17.2.1", product_id: "CSAFPID-251225", }, }, { category: "service_pack", name: "17.2.1r", product: { name: "17.2.1r", product_id: "CSAFPID-277194", }, }, { category: "service_pack", name: "17.2.1a", product: { name: "17.2.1a", product_id: "CSAFPID-277343", }, }, { category: "service_pack", name: "17.2.1v", product: { name: "17.2.1v", product_id: "CSAFPID-278002", }, }, { category: "service_pack", name: "17.2.2", product: { name: "17.2.2", product_id: "CSAFPID-278504", }, }, ], category: "product_version", name: "17.2", }, ], category: "product_family", name: "Cisco IOS XE Software", }, ], category: "vendor", name: "Cisco", }, ], }, vulnerabilities: [ { cve: "CVE-2021-1220", ids: [ { system_name: "Cisco Bug ID", text: "CSCvu99729", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-227918", "CSAFPID-227920", "CSAFPID-245377", "CSAFPID-251225", "CSAFPID-252271", "CSAFPID-260741", "CSAFPID-261240", "CSAFPID-261465", "CSAFPID-264096", "CSAFPID-265735", "CSAFPID-265841", "CSAFPID-267110", "CSAFPID-267240", "CSAFPID-267605", "CSAFPID-271938", "CSAFPID-272047", "CSAFPID-272932", "CSAFPID-273445", "CSAFPID-273509", "CSAFPID-273649", "CSAFPID-274818", "CSAFPID-274832", "CSAFPID-275538", "CSAFPID-277147", "CSAFPID-277194", "CSAFPID-277255", "CSAFPID-277256", "CSAFPID-277321", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-278002", "CSAFPID-278881", ], }, release_date: "2021-03-24T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-227918", "CSAFPID-227920", "CSAFPID-245377", "CSAFPID-251225", "CSAFPID-252271", "CSAFPID-260741", "CSAFPID-261240", "CSAFPID-261465", "CSAFPID-264096", "CSAFPID-265735", "CSAFPID-265841", "CSAFPID-267110", "CSAFPID-267240", "CSAFPID-267605", "CSAFPID-271938", "CSAFPID-272047", "CSAFPID-272932", "CSAFPID-273445", "CSAFPID-273509", "CSAFPID-273649", "CSAFPID-274818", "CSAFPID-274832", "CSAFPID-275538", "CSAFPID-277147", "CSAFPID-277194", "CSAFPID-277255", "CSAFPID-277256", "CSAFPID-277321", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-278002", "CSAFPID-278881", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-227918", "CSAFPID-227920", "CSAFPID-245377", "CSAFPID-251225", "CSAFPID-252271", "CSAFPID-260741", "CSAFPID-261240", "CSAFPID-261465", "CSAFPID-264096", "CSAFPID-265735", "CSAFPID-265841", "CSAFPID-267110", "CSAFPID-267240", "CSAFPID-267605", "CSAFPID-271938", "CSAFPID-272047", "CSAFPID-272932", "CSAFPID-273445", "CSAFPID-273509", "CSAFPID-273649", "CSAFPID-274818", "CSAFPID-274832", "CSAFPID-275538", "CSAFPID-277147", "CSAFPID-277194", "CSAFPID-277255", "CSAFPID-277256", "CSAFPID-277321", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-278002", "CSAFPID-278881", ], }, ], title: "Cisco IOS XE Software Web Management Framework Denial of Service Vulnerability", }, { cve: "CVE-2021-1356", ids: [ { system_name: "Cisco Bug ID", text: "CSCvu94117", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-245377", "CSAFPID-251225", "CSAFPID-272932", "CSAFPID-274818", "CSAFPID-277194", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-278002", "CSAFPID-278504", ], }, release_date: "2021-03-24T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-245377", "CSAFPID-251225", "CSAFPID-272932", "CSAFPID-274818", "CSAFPID-277194", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-278002", "CSAFPID-278504", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-245377", "CSAFPID-251225", "CSAFPID-272932", "CSAFPID-274818", "CSAFPID-277194", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-278002", "CSAFPID-278504", ], }, ], title: "Cisco IOS XE Software Web Management Framework Denial of Service Vulnerability", }, ], }
gsd-2021-1220
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.
Aliases
Aliases
{ GSD: { alias: "CVE-2021-1220", description: "Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.", id: "GSD-2021-1220", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2021-1220", ], details: "Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.", id: "GSD-2021-1220", modified: "2023-12-13T01:23:21.897279Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-03-24T16:00:00", ID: "CVE-2021-1220", STATE: "PUBLIC", TITLE: "Cisco IOS XE Software Web UI Denial of Service Vulnerabilities", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco IOS XE Software ", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.", }, ], }, exploit: [ { lang: "eng", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. ", }, ], impact: { cvss: { baseScore: "4.3", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L ", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "20210324 Cisco IOS XE Software Web UI Denial of Service Vulnerabilities", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn", }, ], }, source: { advisory: "cisco-sa-xe-webui-dos-z9yqYQAn", defect: [ [ "CSCvu94117", "CSCvu99729", ], ], discovery: "INTERNAL", }, }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:ios_xe:3.15.1xbs:*:*:*:*:*:*:*", matchCriteriaId: "4BF22C29-84DF-44CA-B574-FE04AB39E344", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:3.15.2xbs:*:*:*:*:*:*:*", matchCriteriaId: "C2C7C0BA-D618-4B65-B42C-43393167EEE0", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*", matchCriteriaId: "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*", matchCriteriaId: "314C7763-A64D-4023-9F3F-9A821AE4151F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*", matchCriteriaId: "5820D71D-FC93-45AA-BC58-A26A1A39C936", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*", matchCriteriaId: "FC1C85DD-69CC-4AA8-B219-651D57FC3506", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*", matchCriteriaId: "DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*", matchCriteriaId: "B53E377A-0296-4D7A-B97C-576B0026543D", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", matchCriteriaId: "C98DED36-D4B5-48D6-964E-EEEE97936700", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*", matchCriteriaId: "CD98C9E8-3EA6-4160-970D-37C389576516", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*", matchCriteriaId: "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*", matchCriteriaId: "9027A528-2588-4C06-810B-5BB313FE4323", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*", matchCriteriaId: "7745ED34-D59D-49CC-B174-96BCA03B3374", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1w:*:*:*:*:*:*:*", matchCriteriaId: "19AF4CF3-6E79-4EA3-974D-CD451A192BA9", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1x:*:*:*:*:*:*:*", matchCriteriaId: "313BD54C-073C-4F27-82D5-C99EFC3A20F7", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1y:*:*:*:*:*:*:*", matchCriteriaId: "93B96E01-3777-4C33-9225-577B469A6CE5", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1z:*:*:*:*:*:*:*", matchCriteriaId: "65FC3CC1-CF4F-4A2D-A500-04395AFE8B47", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*", matchCriteriaId: "E5019B59-508E-40B0-9C92-2C26F58E2FBE", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*", matchCriteriaId: "443D78BA-A3DA-4D1F-A4DF-2F426DC6B841", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*", matchCriteriaId: "1986DB1F-AD0A-42FE-8EC8-F18BA1AD4F99", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.2t:*:*:*:*:*:*:*", matchCriteriaId: "3C6FB4DC-814D-49D2-BBE2-3861AE985A1C", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*", matchCriteriaId: "D5750264-2990-4942-85F4-DB9746C5CA2B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*", matchCriteriaId: "02352FD8-2A7B-41BD-9E4A-F312ABFDF3EF", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*", matchCriteriaId: "B9173AD6-6658-4267-AAA7-D50D0B657528", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*", matchCriteriaId: "7F02EE9D-45B1-43D6-B05D-6FF19472216B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*", matchCriteriaId: "1C1DBBCD-4C5A-43BB-8FB0-6F1AF99ED0D2", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*", matchCriteriaId: "E306B09C-CB48-4067-B60C-5F738555EEAC", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*", matchCriteriaId: "CD446C51-E713-4E46-8328-0A0477D140D2", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*", matchCriteriaId: "4FF0DD16-D76A-45EA-B01A-20C71AEFA3B4", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*", matchCriteriaId: "4BDD0CEC-4A19-438D-B2A1-8664A1D8F3C4", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.2:*:*:*:*:*:*:*", matchCriteriaId: "89369318-2E83-489F-B872-5F2E247BBF8F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*", matchCriteriaId: "4B7EE7C7-D6C1-4C35-8C80-EAF3FC7E7EFA", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*", matchCriteriaId: "B51FA707-8DB1-4596-9122-D4BFEF17F400", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*", matchCriteriaId: "C04DF35A-1B6F-420A-8D84-74EB41BF3700", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*", matchCriteriaId: "211CC9B2-6108-4C50-AB31-DC527C43053E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.", }, { lang: "es", value: "Múltiples vulnerabilidades en la Interfaz de Usuario Web del Software Cisco IOS XE, podrían permitir a un atacante remoto autenticado con privilegios de solo lectura hacer que el software de la interfaz de usuario web deje de responder y consuma instancias de línea vty, lo que resultará en una condición de denegación de servicio (DoS). Estas vulnerabilidades son debido a un manejo insuficiente de errores en la Interfaz de Usuario Web. Un atacante podría explotar estas vulnerabilidades mediante el envío de paquetes HTTP diseñados a un dispositivo afectado. Una explotación con éxito podría permitir el atacante causar que el software de la interfaz de usuario web deje de responder y consumiera todas las líneas vty disponibles, impidiendo el establecimiento de una nueva sesión y dando como resultado una condición de DoS. Se necesitaría una intervención manual para recuperar la Interfaz de Usuario Web y la funcionalidad de la sesión vty. Nota: estas vulnerabilidades no afectan la conexión de la consola", }, ], id: "CVE-2021-1220", lastModified: "2024-02-07T18:28:13.263", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "ykramarz@cisco.com", type: "Secondary", }, ], }, published: "2021-03-24T21:15:11.350", references: [ { source: "ykramarz@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn", }, ], sourceIdentifier: "ykramarz@cisco.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "ykramarz@cisco.com", type: "Secondary", }, ], }, }, }, }
ghsa-4m9r-j9f4-4m4g
Vulnerability from github
Published
2022-05-24 17:45
Modified
2024-02-07 18:30
Severity ?
Details
Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.
{ affected: [], aliases: [ "CVE-2021-1220", ], database_specific: { cwe_ids: [ "CWE-20", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2021-03-24T21:15:00Z", severity: "MODERATE", }, details: "Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.", id: "GHSA-4m9r-j9f4-4m4g", modified: "2024-02-07T18:30:26Z", published: "2022-05-24T17:45:11Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-1220", }, { type: "WEB", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xe-webui-dos-z9yqYQAn", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", type: "CVSS_V3", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.