ID

VAR-202102-0569


CVE

CVE-2021-1266


TITLE

Cisco Managed Services Accelerator Resource Depletion Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-003111

DESCRIPTION

A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could exploit this vulnerability by sending a flood of crafted API requests to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Trust: 1.8

sources: NVD: CVE-2021-1266 // JVNDB: JVNDB-2021-003111 // VULHUB: VHN-374320 // VULMON: CVE-2021-1266

AFFECTED PRODUCTS

vendor: cisco, model: managed services accelerator, scope: lt, version: 3.10.0

Trust: 1.0

vendor: シスコシステムズ, model: managed services accelerator, scope: -, version: -

Trust: 0.8

vendor: シスコシステムズ, model: managed services accelerator, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-003111 // NVD: CVE-2021-1266

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1266
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1266
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1266
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202102-239
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374320
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1266
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374320
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1266
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1266
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-1266
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374320 // JVNDB: JVNDB-2021-003111 // CNNVD: CNNVD-202102-239 // NVD: CVE-2021-1266 // NVD: CVE-2021-1266

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

problemtype:Resource exhaustion (CWE-400) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374320 // JVNDB: JVNDB-2021-003111 // NVD: CVE-2021-1266

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-239

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202102-239

PATCH

title: cisco-sa-msx-dos-4j7sytvU, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-msx-dos-4j7sytvU

Trust: 0.8

title: Cisco Managed Services Accelerator Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140462

Trust: 0.6

title: Cisco: Cisco Managed Services Accelerator Denial of Service Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-msx-dos-4j7sytvU

Trust: 0.1

sources: VULMON: CVE-2021-1266 // JVNDB: JVNDB-2021-003111 // CNNVD: CNNVD-202102-239

EXTERNAL IDS

db: NVD, id: CVE-2021-1266

Trust: 2.6

db: JVNDB, id: JVNDB-2021-003111

Trust: 0.8

db: CNNVD, id: CNNVD-202102-239

Trust: 0.6

db: VULHUB, id: VHN-374320

Trust: 0.1

db: VULMON, id: CVE-2021-1266

Trust: 0.1

sources: VULHUB: VHN-374320 // VULMON: CVE-2021-1266 // JVNDB: JVNDB-2021-003111 // CNNVD: CNNVD-202102-239 // NVD: CVE-2021-1266

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-msx-dos-4j7sytvu

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-1266

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/196134

Trust: 0.1

sources: VULHUB: VHN-374320 // VULMON: CVE-2021-1266 // JVNDB: JVNDB-2021-003111 // CNNVD: CNNVD-202102-239 // NVD: CVE-2021-1266

SOURCES

db: VULHUB, id: VHN-374320
db: VULMON, id: CVE-2021-1266
db: JVNDB, id: JVNDB-2021-003111
db: CNNVD, id: CNNVD-202102-239
db: NVD, id: CVE-2021-1266

LAST UPDATE DATE

2024-11-23T22:11:07.876000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374320, date: 2021-02-08T00:00:00
db: VULMON, id: CVE-2021-1266, date: 2021-02-08T00:00:00
db: JVNDB, id: JVNDB-2021-003111, date: 2021-10-18T08:04:00
db: CNNVD, id: CNNVD-202102-239, date: 2021-02-09T00:00:00
db: NVD, id: CVE-2021-1266, date: 2024-11-21T05:43:57.827

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374320, date: 2021-02-04T00:00:00
db: VULMON, id: CVE-2021-1266, date: 2021-02-04T00:00:00
db: JVNDB, id: JVNDB-2021-003111, date: 2021-10-18T00:00:00
db: CNNVD, id: CNNVD-202102-239, date: 2021-02-03T00:00:00
db: NVD, id: CVE-2021-1266, date: 2021-02-04T17:15:14.857