Details of VAR-202105-0634

ID

VAR-202105-0634

CVE

CVE-2021-1521

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to reload. This vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected IP camera. A successful exploit could allow the attacker to cause the affected IP camera to reload unexpectedly, resulting in a denial of service (DoS) condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.53

sources: NVD: CVE-2021-1521 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1521

IOT TAXONOMY

category:

['camera device']

sub_category:

IP camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	cisco	model:	video surveillance 8000p	scope:	lt	version:	1.0.9-11	Trust: 1.0
vendor:	cisco	model:	video surveillance 8630	scope:	lt	version:	1.0.9-11	Trust: 1.0
vendor:	cisco	model:	video surveillance 8020	scope:	lt	version:	1.0.9-11	Trust: 1.0
vendor:	cisco	model:	video surveillance 8930	scope:	lt	version:	1.0.9-11	Trust: 1.0
vendor:	cisco	model:	video surveillance 8070	scope:	lt	version:	1.0.9-11	Trust: 1.0
vendor:	cisco	model:	video surveillance 8030	scope:	lt	version:	1.0.9-11	Trust: 1.0
vendor:	cisco	model:	video surveillance 8400	scope:	lt	version:	1.0.9-11	Trust: 1.0
vendor:	cisco	model:	video surveillance 8620	scope:	lt	version:	1.0.9-11	Trust: 1.0

sources: NVD: CVE-2021-1521

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1521
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1521
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-195
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-1521
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1521
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2021-1521
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: VULMON: CVE-2021-1521 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-195 // NVD: CVE-2021-1521 // NVD: CVE-2021-1521

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.0

sources: NVD: CVE-2021-1521

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202105-195

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Cisco Video Surveillance 8000 Series IP Cameras Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149225	Trust: 0.6
title:	Cisco: Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ipcameras-dos-fc3F6LzT	Trust: 0.1

sources: VULMON: CVE-2021-1521 // CNNVD: CNNVD-202105-195

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1521	Trust: 1.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021050632	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1544	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-195	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2021-1521	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-1521 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-195 // NVD: CVE-2021-1521

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ipcameras-dos-fc3f6lzt	Trust: 2.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021050632	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1544	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-1521 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-195 // NVD: CVE-2021-1521

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2021-1521
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-195
db:	NVD	id:	CVE-2021-1521

LAST UPDATE DATE

2025-01-30T19:50:23.504000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-1521	date:	2021-05-17T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-195	date:	2021-05-19T00:00:00
db:	NVD	id:	CVE-2021-1521	date:	2023-11-07T03:28:30.590

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-1521	date:	2021-05-06T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-195	date:	2021-05-05T00:00:00
db:	NVD	id:	CVE-2021-1521	date:	2021-05-06T13:15:11.063