Lucene search

[email protected]CVE-2021-1513

HistoryMay 06, 2021 - 1:15 p.m.

CVE-2021-1513

2021-05-0613:15:10

CWE-20

[email protected]

web.nvd.nist.gov

vulnerability

vdaemon

cisco

sd-wan

software

remote attacker

device reload

dos

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

52.6%

JSON

A vulnerability in the vDaemon process of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Affected configurations

NVD

Node

ciscocatalyst_sd-wan_managerRange<20.3.1

ciscocatalyst_sd-wan_managerRange20.4–20.4.1

ciscocatalyst_sd-wan_managerRange20.5–20.5.1

ciscosd-wan_vbond_orchestratorMatch-

Node

ciscovsmart_controller_firmwareMatch-

AND

ciscovsmart_controllerMatch-

Node

ciscovedge_100_firmwareMatch-

AND

ciscovedge_100Match-

Node

ciscovedge_1000_firmwareMatch-

AND

ciscovedge_1000Match-

Node

ciscovedge_100b_firmwareMatch-

AND

ciscovedge_100bMatch-

Node

ciscovedge_100m_firmwareMatch-

AND

ciscovedge_100mMatch-

Node

ciscovedge_100wm_firmwareMatch-

AND

ciscovedge_100wmMatch-

Node

ciscovedge_2000_firmwareMatch-

AND

ciscovedge_2000Match-

Node

ciscovedge_5000_firmwareMatch-

AND

ciscovedge_5000Match-

Node

ciscovedge-100b_firmwareMatch-

AND

ciscovedge-100bMatch-

Node

ciscovedge_cloud_firmwareMatch-

AND

ciscovedge_cloudMatch-

CPENameOperatorVersion
cisco:catalyst_sd-wan_managercisco catalyst sd-wan managerlt20.3.1
cisco:catalyst_sd-wan_managercisco catalyst sd-wan managerlt20.4.1
cisco:catalyst_sd-wan_managercisco catalyst sd-wan managerlt20.5.1
cisco:sd-wan_vbond_orchestratorcisco sd-wan vbond orchestratoreq-

CPE	Name	Operator	Version
cisco:catalyst_sd-wan_manager	cisco catalyst sd-wan manager	lt	20.3.1
cisco:catalyst_sd-wan_manager	cisco catalyst sd-wan manager	lt	20.4.1
cisco:catalyst_sd-wan_manager	cisco catalyst sd-wan manager	lt	20.5.1
cisco:sd-wan_vbond_orchestrator	cisco sd-wan vbond orchestrator	eq	-

CNA Affected

[
  {
    "product": "Cisco SD-WAN Solution ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dos-Ckn5cVqW

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

52.6%

JSON

Related for CVE-2021-1513

cisco1 prion1 nessus1 cvelist1 nvd1