Lucene search

CiscoCVE-2021-1451

HistoryMar 24, 2021 - 8:15 p.m.

CVE-2021-1451

2021-03-2420:15:15

CWE-119

cisco

web.nvd.nist.gov

vulnerability

easy virtual switching system

vss

cisco

ios xe software

catalyst 4500

catalyst 4500-x

remote code execution

linux operating system

udp

buffer overflow

denial of service

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.004

Percentile

74.9%

JSON

A vulnerability in the Easy Virtual Switching System (VSS) feature of Cisco IOS XE Software for Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying Linux operating system of an affected device. The vulnerability is due to incorrect boundary checks of certain values in Easy VSS protocol packets that are destined for an affected device. An attacker could exploit this vulnerability by sending crafted Easy VSS protocol packets to UDP port 5500 while the affected device is in a specific state. When the crafted packet is processed, a buffer overflow condition may occur. A successful exploit could allow the attacker to trigger a denial of service (DoS) condition or execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.

Affected configurations

Nvd

Node

ciscoios_xeMatch3.6.0be

ciscoios_xeMatch3.6.0e

ciscoios_xeMatch3.6.1e

ciscoios_xeMatch3.6.2e

ciscoios_xeMatch3.6.3e

ciscoios_xeMatch3.6.4e

ciscoios_xeMatch3.6.5ae

ciscoios_xeMatch3.6.5be

ciscoios_xeMatch3.6.5e

ciscoios_xeMatch3.6.6e

ciscoios_xeMatch3.6.7e

ciscoios_xeMatch3.6.8e

ciscoios_xeMatch3.6.9e

ciscoios_xeMatch3.6.10e

ciscoios_xeMatch3.7.0e

ciscoios_xeMatch3.7.1e

ciscoios_xeMatch3.7.2e

ciscoios_xeMatch3.7.3e

ciscoios_xeMatch3.7.4e

ciscoios_xeMatch3.7.5e

ciscoios_xeMatch3.8.0e

ciscoios_xeMatch3.8.1e

ciscoios_xeMatch3.8.2e

ciscoios_xeMatch3.8.3e

ciscoios_xeMatch3.8.4e

ciscoios_xeMatch3.8.5ae

ciscoios_xeMatch3.8.5e

ciscoios_xeMatch3.8.6e

ciscoios_xeMatch3.8.7e

ciscoios_xeMatch3.8.8e

ciscoios_xeMatch3.8.9e

ciscoios_xeMatch3.8.10e

ciscoios_xeMatch3.9.0e

ciscoios_xeMatch3.9.1e

ciscoios_xeMatch3.9.2be

ciscoios_xeMatch3.9.2e

ciscoios_xeMatch3.10.0ce

ciscoios_xeMatch3.10.0e

ciscoios_xeMatch3.10.1ae

ciscoios_xeMatch3.10.1e

ciscoios_xeMatch3.10.1se

ciscoios_xeMatch3.10.2e

ciscoios_xeMatch3.10.3e

ciscoios_xeMatch3.11.0e

ciscoios_xeMatch3.11.1ae

ciscoios_xeMatch3.11.1e

ciscoios_xeMatch3.11.2ae

ciscoios_xeMatch3.11.2e

ciscoios_xeMatch3.11.3ae

ciscoios_xeMatch3.11.3e

ciscoios_xeMatch15.2\(7\)e

ciscoios_xeMatch16.11.2

ciscoios_xeMatch16.12.5a

ciscoios_xeMatch17.3.1

AND

linuxlinux_kernelMatch-

VendorProductVersionCPE
ciscoios_xe3.6.0becpe:2.3:o:cisco:ios_xe:3.6.0be:*:*:*:*:*:*:*
ciscoios_xe3.6.0ecpe:2.3:o:cisco:ios_xe:3.6.0e:*:*:*:*:*:*:*
ciscoios_xe3.6.1ecpe:2.3:o:cisco:ios_xe:3.6.1e:*:*:*:*:*:*:*
ciscoios_xe3.6.2ecpe:2.3:o:cisco:ios_xe:3.6.2e:*:*:*:*:*:*:*
ciscoios_xe3.6.3ecpe:2.3:o:cisco:ios_xe:3.6.3e:*:*:*:*:*:*:*
ciscoios_xe3.6.4ecpe:2.3:o:cisco:ios_xe:3.6.4e:*:*:*:*:*:*:*
ciscoios_xe3.6.5aecpe:2.3:o:cisco:ios_xe:3.6.5ae:*:*:*:*:*:*:*
ciscoios_xe3.6.5becpe:2.3:o:cisco:ios_xe:3.6.5be:*:*:*:*:*:*:*
ciscoios_xe3.6.5ecpe:2.3:o:cisco:ios_xe:3.6.5e:*:*:*:*:*:*:*
ciscoios_xe3.6.6ecpe:2.3:o:cisco:ios_xe:3.6.6e:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	3.6.0be	cpe:2.3:o:cisco:ios_xe:3.6.0be:::::::*
cisco	ios_xe	3.6.0e	cpe:2.3:o:cisco:ios_xe:3.6.0e:::::::*
cisco	ios_xe	3.6.1e	cpe:2.3:o:cisco:ios_xe:3.6.1e:::::::*
cisco	ios_xe	3.6.2e	cpe:2.3:o:cisco:ios_xe:3.6.2e:::::::*
cisco	ios_xe	3.6.3e	cpe:2.3:o:cisco:ios_xe:3.6.3e:::::::*
cisco	ios_xe	3.6.4e	cpe:2.3:o:cisco:ios_xe:3.6.4e:::::::*
cisco	ios_xe	3.6.5ae	cpe:2.3:o:cisco:ios_xe:3.6.5ae:::::::*
cisco	ios_xe	3.6.5be	cpe:2.3:o:cisco:ios_xe:3.6.5be:::::::*
cisco	ios_xe	3.6.5e	cpe:2.3:o:cisco:ios_xe:3.6.5e:::::::*
cisco	ios_xe	3.6.6e	cpe:2.3:o:cisco:ios_xe:3.6.6e:::::::*

Rows per page:

1-10 of 551

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-evss-code-exe-8cw5VSvw

Social References

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.004

Percentile

74.9%

JSON

Related for CVE-2021-1451