Details of VAR-202107-0428

ID

VAR-202107-0428

CVE

CVE-2021-1595

TITLE

Cisco 7000 Series IP Camera Memory Leak Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-57460

DESCRIPTION

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). The Cisco 7000 series IP camera is a 5-megapixel, high-definition, outdoor fixed dome camera with a vandal-proof housing with pan/tilt/zoom functions. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.07

sources: NVD: CVE-2021-1595 // CNVD: CNVD-2021-57460 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1595

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-57460

AFFECTED PRODUCTS

vendor:	cisco	model:	video surveillance 7070	scope:	lt	version:	2.12.4	Trust: 1.0
vendor:	cisco	model:	video surveillance 7530pd	scope:	lt	version:	2.12.4	Trust: 1.0
vendor:	cisco	model:	series ip camera	scope:	eq	version:	7000<2.12.4	Trust: 0.6

sources: CNVD: CNVD-2021-57460 // NVD: CVE-2021-1595

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1595
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1595
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2021-57460
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-400
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-1595
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1595
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-57460
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-1595
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2021-57460 // VULMON: CVE-2021-1595 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-400 // NVD: CVE-2021-1595 // NVD: CVE-2021-1595

PROBLEMTYPE DATA

problemtype:

CWE-401

Trust: 1.0

sources: NVD: CVE-2021-1595

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202107-400

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-400

PATCH

title:	Patch for Cisco 7000 Series IP Camera Memory Leak Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/283811	Trust: 0.6
title:	Cisco Video Surveillance 7000 Series IP Cameras Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156232	Trust: 0.6
title:	Cisco: Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ipcamera-lldp-mem-wGqundTq	Trust: 0.1

sources: CNVD: CNVD-2021-57460 // VULMON: CVE-2021-1595 // CNNVD: CNNVD-202107-400

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1595	Trust: 2.3
db:	CNVD	id:	CNVD-2021-57460	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2334	Trust: 0.6
db:	CS-HELP	id:	SB2021070812	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-400	Trust: 0.6
db:	VULMON	id:	CVE-2021-1595	Trust: 0.1

sources: CNVD: CNVD-2021-57460 // VULMON: CVE-2021-1595 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-400 // NVD: CVE-2021-1595

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ipcamera-lldp-mem-wgqundtq	Trust: 3.0
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1595	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2334	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021070812	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/401.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-57460 // VULMON: CVE-2021-1595 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-400 // NVD: CVE-2021-1595

SOURCES

db:	CNVD	id:	CNVD-2021-57460
db:	VULMON	id:	CVE-2021-1595
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-400
db:	NVD	id:	CVE-2021-1595

LAST UPDATE DATE

2024-08-14T12:59:13.975000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-57460	date:	2021-08-02T00:00:00
db:	VULMON	id:	CVE-2021-1595	date:	2021-07-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-400	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-1595	date:	2023-11-07T03:28:44.273

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-57460	date:	2021-08-02T00:00:00
db:	VULMON	id:	CVE-2021-1595	date:	2021-07-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-400	date:	2021-07-07T00:00:00
db:	NVD	id:	CVE-2021-1595	date:	2021-07-08T19:15:09.360