Lucene search

CiscoCVE-2021-1615

HistorySep 23, 2021 - 3:15 a.m.

CVE-2021-1615

2021-09-2303:15:12

CWE-410

cisco

web.nvd.nist.gov

cisco

ewc

software

catalyst

aps

vulnerability

cve-2021-1615

nvd

denial of service

buffer allocation

dos

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

52.7%

JSON

A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP.

Affected configurations

Nvd

Node

ciscoembedded_wireless_controllerRange≤17.6.1

AND

ciscocatalyst_9105Match-

ciscocatalyst_9115Match-

ciscocatalyst_9117Match-

ciscocatalyst_9120Match-

ciscocatalyst_9124Match-

ciscocatalyst_9130Match-

VendorProductVersionCPE
ciscoembedded_wireless_controller*cpe:2.3:a:cisco:embedded_wireless_controller:*:*:*:*:*:*:*:*
ciscocatalyst_9105-cpe:2.3:h:cisco:catalyst_9105:-:*:*:*:*:*:*:*
ciscocatalyst_9115-cpe:2.3:h:cisco:catalyst_9115:-:*:*:*:*:*:*:*
ciscocatalyst_9117-cpe:2.3:h:cisco:catalyst_9117:-:*:*:*:*:*:*:*
ciscocatalyst_9120-cpe:2.3:h:cisco:catalyst_9120:-:*:*:*:*:*:*:*
ciscocatalyst_9124-cpe:2.3:h:cisco:catalyst_9124:-:*:*:*:*:*:*:*
ciscocatalyst_9130-cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	embedded_wireless_controller	*	cpe:2.3:a:cisco:embedded_wireless_controller::::::::
cisco	catalyst_9105	-	cpe:2.3:h:cisco:catalyst_9105:-:::::::*
cisco	catalyst_9115	-	cpe:2.3:h:cisco:catalyst_9115:-:::::::*
cisco	catalyst_9117	-	cpe:2.3:h:cisco:catalyst_9117:-:::::::*
cisco	catalyst_9120	-	cpe:2.3:h:cisco:catalyst_9120:-:::::::*
cisco	catalyst_9124	-	cpe:2.3:h:cisco:catalyst_9124:-:::::::*
cisco	catalyst_9130	-	cpe:2.3:h:cisco:catalyst_9130:-:::::::*

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.4

Confidence

High

EPSS

0.002

Percentile

52.7%

JSON

Related for CVE-2021-1615