Lucene search

[email protected]CVE-2021-1251

HistoryApr 08, 2021 - 4:15 a.m.

CVE-2021-1251

2021-04-0804:15:11

CWE-119

CWE-401

[email protected]

web.nvd.nist.gov

cve-2021-1251

cisco

small business rv series routers

lldp

layer 2

vulnerabilities

dos

nvd

advisory

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

7.4 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.9%

JSON

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Affected configurations

NVD

Node

ciscorv132w_firmwareMatch1.0.1.14

ciscorv132w_firmwareMatch1.0.3.20

AND

ciscorv132wMatch-

Node

ciscorv134w_firmwareMatch1.0.1.14

ciscorv134w_firmwareMatch1.0.3.20

AND

ciscorv134wMatch-

Node

ciscorv160_firmwareMatch1.0.1.14

ciscorv160_firmwareMatch1.0.3.20

AND

ciscorv160Match-

Node

ciscorv160w_firmwareMatch1.0.1.14

ciscorv160w_firmwareMatch1.0.3.20

AND

ciscorv160wMatch-

Node

ciscorv260_firmwareMatch1.0.1.14

ciscorv260_firmwareMatch1.0.3.20

AND

ciscorv260Match-

Node

ciscorv260p_firmwareMatch1.0.1.14

ciscorv260p_firmwareMatch1.0.3.20

AND

ciscorv260pMatch-

Node

ciscorv260w_firmwareMatch1.0.1.14

ciscorv260w_firmwareMatch1.0.3.20

AND

ciscorv260wMatch-

Node

ciscorv340_firmwareMatch1.0.1.14

ciscorv340_firmwareMatch1.0.3.20

AND

ciscorv340Match-

Node

ciscorv340w_firmwareMatch1.0.1.14

ciscorv340w_firmwareMatch1.0.3.20

AND

ciscorv340wMatch-

Node

ciscorv345_firmwareMatch1.0.1.14

ciscorv345_firmwareMatch1.0.3.20

AND

ciscorv345Match-

Node

ciscorv345p_firmwareMatch1.0.1.14

ciscorv345p_firmwareMatch1.0.3.20

AND

ciscorv345pMatch-

CPENameOperatorVersion
cisco:rv132w_firmwarecisco rv132w firmwareeq1.0.1.14
cisco:rv132w_firmwarecisco rv132w firmwareeq1.0.3.20

CPE	Name	Operator	Version
cisco:rv132w_firmware	cisco rv132w firmware	eq	1.0.1.14
cisco:rv132w_firmware	cisco rv132w firmware	eq	1.0.3.20

CNA Affected

[
  {
    "product": "Cisco Small Business RV Series Router Firmware ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe

Social References

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

7.4 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.9%

JSON

Related for CVE-2021-1251

cvelist1 nvd1 prion1 nessus1 cisco1