Lucene search

CiscoCVE-2021-1309

HistoryApr 08, 2021 - 4:15 a.m.

CVE-2021-1309

2021-04-0804:15:12

CWE-119

CWE-401

cisco

web.nvd.nist.gov

cve-2021-1309

cisco

rv series routers

lldp

vulnerabilities

security advisory

nvd

denial of service

dos

layer 2 protocol

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

36.3%

JSON

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Affected configurations

Nvd

Node

ciscorv132w_firmwareMatch1.0.0.14

ciscorv132w_firmwareMatch1.0.1.14

ciscorv132w_firmwareMatch1.0.1.20

AND

ciscorv132wMatch-

Node

ciscorv134w_firmwareMatch1.0.0.14

ciscorv134w_firmwareMatch1.0.1.14

ciscorv134w_firmwareMatch1.0.1.20

AND

ciscorv134wMatch-

Node

ciscorv160_firmwareMatch1.0.0.14

ciscorv160_firmwareMatch1.0.1.14

ciscorv160_firmwareMatch1.0.1.20

AND

ciscorv160Match-

Node

ciscorv160w_firmwareMatch1.0.0.14

ciscorv160w_firmwareMatch1.0.1.14

ciscorv160w_firmwareMatch1.0.1.20

AND

ciscorv160wMatch-

Node

ciscorv260_firmwareMatch1.0.0.14

ciscorv260_firmwareMatch1.0.1.14

ciscorv260_firmwareMatch1.0.1.20

AND

ciscorv260Match-

Node

ciscorv260p_firmwareMatch1.0.0.14

ciscorv260p_firmwareMatch1.0.1.14

ciscorv260p_firmwareMatch1.0.1.20

AND

ciscorv260pMatch-

Node

ciscorv260w_firmwareMatch1.0.0.14

ciscorv260w_firmwareMatch1.0.1.14

ciscorv260w_firmwareMatch1.0.1.20

AND

ciscorv260wMatch-

Node

ciscorv340_firmwareMatch1.0.0.14

ciscorv340_firmwareMatch1.0.1.14

ciscorv340_firmwareMatch1.0.1.20

AND

ciscorv340Match-

Node

ciscorv340w_firmwareMatch1.0.0.14

ciscorv340w_firmwareMatch1.0.1.14

ciscorv340w_firmwareMatch1.0.1.20

AND

ciscorv340wMatch-

Node

ciscorv345_firmwareMatch1.0.0.14

ciscorv345_firmwareMatch1.0.1.14

ciscorv345_firmwareMatch1.0.1.20

AND

ciscorv345Match-

Node

ciscorv345p_firmwareMatch1.0.0.14

ciscorv345p_firmwareMatch1.0.1.14

ciscorv345p_firmwareMatch1.0.1.20

AND

ciscorv345pMatch-

VendorProductVersionCPE
ciscorv132w_firmware1.0.0.14cpe:2.3:o:cisco:rv132w_firmware:1.0.0.14:*:*:*:*:*:*:*
ciscorv132w_firmware1.0.1.14cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14:*:*:*:*:*:*:*
ciscorv132w_firmware1.0.1.20cpe:2.3:o:cisco:rv132w_firmware:1.0.1.20:*:*:*:*:*:*:*
ciscorv132w-cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*
ciscorv134w_firmware1.0.0.14cpe:2.3:o:cisco:rv134w_firmware:1.0.0.14:*:*:*:*:*:*:*
ciscorv134w_firmware1.0.1.14cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14:*:*:*:*:*:*:*
ciscorv134w_firmware1.0.1.20cpe:2.3:o:cisco:rv134w_firmware:1.0.1.20:*:*:*:*:*:*:*
ciscorv134w-cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*
ciscorv160_firmware1.0.0.14cpe:2.3:o:cisco:rv160_firmware:1.0.0.14:*:*:*:*:*:*:*
ciscorv160_firmware1.0.1.14cpe:2.3:o:cisco:rv160_firmware:1.0.1.14:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	rv132w_firmware	1.0.0.14	cpe:2.3:o:cisco:rv132w_firmware:1.0.0.14:::::::*
cisco	rv132w_firmware	1.0.1.14	cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14:::::::*
cisco	rv132w_firmware	1.0.1.20	cpe:2.3:o:cisco:rv132w_firmware:1.0.1.20:::::::*
cisco	rv132w	-	cpe:2.3:h:cisco:rv132w:-:::::::*
cisco	rv134w_firmware	1.0.0.14	cpe:2.3:o:cisco:rv134w_firmware:1.0.0.14:::::::*
cisco	rv134w_firmware	1.0.1.14	cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14:::::::*
cisco	rv134w_firmware	1.0.1.20	cpe:2.3:o:cisco:rv134w_firmware:1.0.1.20:::::::*
cisco	rv134w	-	cpe:2.3:h:cisco:rv134w:-:::::::*
cisco	rv160_firmware	1.0.0.14	cpe:2.3:o:cisco:rv160_firmware:1.0.0.14:::::::*
cisco	rv160_firmware	1.0.1.14	cpe:2.3:o:cisco:rv160_firmware:1.0.1.14:::::::*

Rows per page:

1-10 of 441

CNA Affected

[
  {
    "product": "Cisco Small Business RV Series Router Firmware",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe

Social References

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

36.3%

JSON

Related for CVE-2021-1309