Details of VAR-202101-0746

ID

VAR-202101-0746

CVE

CVE-2021-1131

TITLE

plural Cisco Video Surveillance 8000 series IP Buffer error vulnerability in camera

Trust: 0.8

sources: JVNDB: JVNDB-2021-002832

DESCRIPTION

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. The vulnerability is due to missing checks when Cisco Discovery Protocol messages are processed. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected IP camera. A successful exploit could allow the attacker to cause the affected IP camera to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Can lead to denial of service

Trust: 2.16

sources: NVD: CVE-2021-1131 // JVNDB: JVNDB-2021-002832 // CNVD: CNVD-2021-41166

IOT TAXONOMY

category:	['IoT']	sub_category:	-	Trust: 0.6
category:	['camera device']	sub_category:	IP camera	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-41166

AFFECTED PRODUCTS

vendor:	cisco	model:	video surveillance 8030 ip camera	scope:	lt	version:	1.0.9-8	Trust: 1.0
vendor:	cisco	model:	video surveillance 8070 ip camera	scope:	lt	version:	1.0.9-8	Trust: 1.0
vendor:	cisco	model:	video surveillance 8620 ip camera	scope:	lt	version:	1.0.9-8	Trust: 1.0
vendor:	cisco	model:	video surveillance 8630 ip camera	scope:	lt	version:	1.0.9-8	Trust: 1.0
vendor:	cisco	model:	video surveillance 8930 speed dome ip camera	scope:	lt	version:	1.0.9-8	Trust: 1.0
vendor:	cisco	model:	video surveillance 8400 ip camera	scope:	lt	version:	1.0.9-8	Trust: 1.0
vendor:	cisco	model:	video surveillance 8020 ip camera	scope:	lt	version:	1.0.9-8	Trust: 1.0
vendor:	cisco	model:	video surveillance 8000p ip camera	scope:	lt	version:	1.0.9-8	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco video surveillance 8000p ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8620 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8630 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8400 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8070 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8930 speed dome ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8020 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco video surveillance 8030 ip カメラ	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	video surveillance series	scope:	eq	version:	8000<1.0.9-8	Trust: 0.6

sources: CNVD: CNVD-2021-41166 // JVNDB: JVNDB-2021-002832 // NVD: CVE-2021-1131

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1131
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1131
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1131
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-41166
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202101-1038
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-1131
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-41166
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-1131
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1131
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1131
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-41166 // JVNDB: JVNDB-2021-002832 // CNNVD: CNNVD-202101-1038 // NVD: CVE-2021-1131 // NVD: CVE-2021-1131

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	Buffer error (CWE-119) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-002832 // NVD: CVE-2021-1131

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1038

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1038

PATCH

title:	cisco-sa-ipcameras-dos-9zdZcUfq	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-dos-9zdZcUfq	Trust: 0.8
title:	Patch for Cisco Video Surveillance 8000 Series Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/272186	Trust: 0.6
title:	Cisco Video Surveillance 8000 Series IP Cameras Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139430	Trust: 0.6

sources: CNVD: CNVD-2021-41166 // JVNDB: JVNDB-2021-002832 // CNNVD: CNNVD-202101-1038

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1131	Trust: 3.1
db:	JVNDB	id:	JVNDB-2021-002832	Trust: 0.8
db:	CNVD	id:	CNVD-2021-41166	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0147	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1038	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-41166 // JVNDB: JVNDB-2021-002832 // CNNVD: CNNVD-202101-1038 // NVD: CVE-2021-1131

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ipcameras-dos-9zdzcufq	Trust: 2.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1131	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.0147/	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-41166 // JVNDB: JVNDB-2021-002832 // CNNVD: CNNVD-202101-1038 // NVD: CVE-2021-1131

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2021-41166
db:	JVNDB	id:	JVNDB-2021-002832
db:	CNNVD	id:	CNNVD-202101-1038
db:	NVD	id:	CVE-2021-1131

LAST UPDATE DATE

2025-01-30T20:31:00.139000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-41166	date:	2021-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-002832	date:	2021-10-05T08:56:00
db:	CNNVD	id:	CNNVD-202101-1038	date:	2021-02-01T00:00:00
db:	NVD	id:	CVE-2021-1131	date:	2024-11-21T05:43:39.420

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-41166	date:	2021-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-002832	date:	2021-10-05T00:00:00
db:	CNNVD	id:	CNNVD-202101-1038	date:	2021-01-13T00:00:00
db:	NVD	id:	CVE-2021-1131	date:	2021-01-13T22:15:14.583