CVE-2021-1614

EPSS 0.54%
Published 22.07.2021 16:15:08
Last modified 21.11.2024 05:44:44
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in MPLS buffer memory. This vulnerability is due to insufficient handling of malformed MPLS packets that are processed by a device that is running Cisco SD-WAN Software. An attacker could exploit this vulnerability by sending a crafted MPLS packet to an affected device that is running Cisco SD-WAN Software or Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Sd-wan Version >= 18.4.0 < 18.4.6

Cisco ≫ Sd-wan Version >= 19.2.0 < 19.2.3

Cisco ≫ Sd-wan Version >= 20.3 < 20.3.2

Cisco ≫ Sd-wan Version >= 20.4 < 20.4.1

Cisco ≫ Sd-wan Version >= 20.5 < 20.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.54%	0.648

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
psirt@cisco.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-126 Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-mpls-infodisclos-MSSRFkZq

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-1614

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-1614

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-1614

EUVD