ID

VAR-202101-1035


CVE

CVE-2021-1312


TITLE

Cisco Elastic Services Controller Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202101-1528

DESCRIPTION

A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of kernel parameters for the maximum number of TCP connections and SYN backlog. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to block TCP listening ports that are used by the health monitor API. This vulnerability only affects customers who use the health monitor API. Cisco Elastic Services Controller (ESC) is an open source modular system for managing virtual resources from Cisco.

Trust: 1.08

sources: NVD: CVE-2021-1312 // VULHUB: VHN-374366 // VULMON: CVE-2021-1312

AFFECTED PRODUCTS

vendor: cisco
model: elastic services controller
scope: lte
version: 5.3.0.94

Trust: 1.0

sources: NVD: CVE-2021-1312

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1312
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1312
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202101-1528
value: HIGH

Trust: 0.6

VULHUB: VHN-374366
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1312
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1312
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374366
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1312
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1312
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-374366 // VULMON: CVE-2021-1312 // CNNVD: CNNVD-202101-1528 // NVD: CVE-2021-1312 // NVD: CVE-2021-1312

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

sources: VULHUB: VHN-374366 // NVD: CVE-2021-1312

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1528

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202101-1528

PATCH

title: Cisco Elastic Services Controller (ESC) Remediation of resource management error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139924

Trust: 0.6

title: Cisco: Cisco Elastic Services Controller Denial of Service Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-esc-dos-4Gw6D527

Trust: 0.1

sources: VULMON: CVE-2021-1312 // CNNVD: CNNVD-202101-1528

EXTERNAL IDS

db: NVD, id: CVE-2021-1312

Trust: 1.8

db: AUSCERT, id: ESB-2021.0248

Trust: 0.6

db: CNNVD, id: CNNVD-202101-1528

Trust: 0.6

db: VULHUB, id: VHN-374366

Trust: 0.1

db: VULMON, id: CVE-2021-1312

Trust: 0.1

sources: VULHUB: VHN-374366 // VULMON: CVE-2021-1312 // CNNVD: CNNVD-202101-1528 // NVD: CVE-2021-1312

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esc-dos-4gw6d527

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2021-1312

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.0248/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/195320

Trust: 0.1

sources: VULHUB: VHN-374366 // VULMON: CVE-2021-1312 // CNNVD: CNNVD-202101-1528 // NVD: CVE-2021-1312

SOURCES

db: VULHUB, id: VHN-374366
db: VULMON, id: CVE-2021-1312
db: CNNVD, id: CNNVD-202101-1528
db: NVD, id: CVE-2021-1312

LAST UPDATE DATE

2024-11-23T22:44:17.838000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374366, date: 2021-01-29T00:00:00
db: VULMON, id: CVE-2021-1312, date: 2021-01-29T00:00:00
db: CNNVD, id: CNNVD-202101-1528, date: 2021-02-01T00:00:00
db: NVD, id: CVE-2021-1312, date: 2024-11-21T05:44:04.120

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374366, date: 2021-01-20T00:00:00
db: VULMON, id: CVE-2021-1312, date: 2021-01-20T00:00:00
db: CNNVD, id: CNNVD-202101-1528, date: 2021-01-20T00:00:00
db: NVD, id: CVE-2021-1312, date: 2021-01-20T20:15:17.283