Details of VAR-202106-0635

ID

VAR-202106-0635

CVE

CVE-2021-1568

TITLE

Windows for Cisco AnyConnect Secure Mobility Client Excessive size value memory allocation vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-008232

DESCRIPTION

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.34

sources: NVD: CVE-2021-1568 // JVNDB: JVNDB-2021-008232 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374622 // VULMON: CVE-2021-1568

AFFECTED PRODUCTS

vendor:	cisco	model:	anyconnect secure mobility client	scope:	lt	version:	4.10.01075	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco anyconnect secure mobility client	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-008232 // NVD: CVE-2021-1568

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1568
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1568
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1568
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-1302
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374622
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-1568
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1568
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374622
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1568
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1568
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374622 // VULMON: CVE-2021-1568 // JVNDB: JVNDB-2021-008232 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1302 // NVD: CVE-2021-1568 // NVD: CVE-2021-1568

PROBLEMTYPE DATA

problemtype:	CWE-789	Trust: 1.1
problemtype:	Excessive size value memory allocation (CWE-789) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374622 // JVNDB: JVNDB-2021-008232 // NVD: CVE-2021-1568

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-1302

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1302

PATCH

title:	cisco-sa-anyconnect-dos-hMhyDfb8	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dos-hMhyDfb8	Trust: 0.8
title:	Cisco AnyConnect Secure Mobility Client for Windows Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155080	Trust: 0.6
title:	Cisco: Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-anyconnect-dos-hMhyDfb8	Trust: 0.1
title:	主流供应商的一些攻击性漏洞汇总	url:	https://github.com/r0eXpeR/supplier	Trust: 0.1

sources: VULMON: CVE-2021-1568 // JVNDB: JVNDB-2021-008232 // CNNVD: CNNVD-202106-1302

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1568	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-008232	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2144	Trust: 0.6
db:	CS-HELP	id:	SB2021061623	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-1302	Trust: 0.6
db:	VULHUB	id:	VHN-374622	Trust: 0.1
db:	VULMON	id:	CVE-2021-1568	Trust: 0.1

sources: VULHUB: VHN-374622 // VULMON: CVE-2021-1568 // JVNDB: JVNDB-2021-008232 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1302 // NVD: CVE-2021-1568

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-anyconnect-dos-hmhydfb8	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1568	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2144	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-anyconnect-secure-mobility-client-for-windows-denial-of-service-via-specific-folder-file-copying-35706	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021061623	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/789.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/r0exper/supplier	Trust: 0.1

sources: VULHUB: VHN-374622 // VULMON: CVE-2021-1568 // JVNDB: JVNDB-2021-008232 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1302 // NVD: CVE-2021-1568

SOURCES

db:	VULHUB	id:	VHN-374622
db:	VULMON	id:	CVE-2021-1568
db:	JVNDB	id:	JVNDB-2021-008232
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-1302
db:	NVD	id:	CVE-2021-1568

LAST UPDATE DATE

2024-08-14T13:06:53.485000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374622	date:	2021-06-23T00:00:00
db:	VULMON	id:	CVE-2021-1568	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-008232	date:	2022-03-09T08:23:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-1302	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2021-1568	date:	2023-11-07T03:28:39.263

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374622	date:	2021-06-16T00:00:00
db:	VULMON	id:	CVE-2021-1568	date:	2021-06-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-008232	date:	2022-03-09T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-1302	date:	2021-06-16T00:00:00
db:	NVD	id:	CVE-2021-1568	date:	2021-06-16T18:15:08.943