Details of VAR-202107-0429

ID

VAR-202107-0429

CVE

CVE-2021-1596

TITLE

Cisco 7000 Series IP Camera Memory Leak Vulnerability (CNVD-2021-57459)

Trust: 0.6

sources: CNVD: CNVD-2021-57459

DESCRIPTION

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). The Cisco 7000 series IP camera is a 5-megapixel, high-definition, outdoor fixed dome camera with a vandal-proof housing with pan/tilt/zoom functions. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.07

sources: NVD: CVE-2021-1596 // CNVD: CNVD-2021-57459 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1596

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-57459

AFFECTED PRODUCTS

vendor:	cisco	model:	video surveillance 7070	scope:	lt	version:	2.12.4	Trust: 1.0
vendor:	cisco	model:	video surveillance 7530pd	scope:	lt	version:	2.12.4	Trust: 1.0
vendor:	cisco	model:	series ip camera	scope:	eq	version:	7000<2.12.4	Trust: 0.6

sources: CNVD: CNVD-2021-57459 // NVD: CVE-2021-1596

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1596
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1596
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2021-57459
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-389
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-1596
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1596
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-57459
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-1596
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2021-57459 // VULMON: CVE-2021-1596 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-389 // NVD: CVE-2021-1596 // NVD: CVE-2021-1596

PROBLEMTYPE DATA

problemtype:

CWE-401

Trust: 1.0

sources: NVD: CVE-2021-1596

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202107-389

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-389

PATCH

title:	Patch for Cisco 7000 Series IP Camera Memory Leak Vulnerability (CNVD-2021-57459)	url:	https://www.cnvd.org.cn/patchInfo/show/283816	Trust: 0.6
title:	Cisco Video Surveillance 7000 Series IP Cameras Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156224	Trust: 0.6
title:	Cisco: Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ipcamera-lldp-mem-wGqundTq	Trust: 0.1

sources: CNVD: CNVD-2021-57459 // VULMON: CVE-2021-1596 // CNNVD: CNNVD-202107-389

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1596	Trust: 2.3
db:	CNVD	id:	CNVD-2021-57459	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2334	Trust: 0.6
db:	CS-HELP	id:	SB2021070812	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-389	Trust: 0.6
db:	VULMON	id:	CVE-2021-1596	Trust: 0.1

sources: CNVD: CNVD-2021-57459 // VULMON: CVE-2021-1596 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-389 // NVD: CVE-2021-1596

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ipcamera-lldp-mem-wgqundtq	Trust: 3.0
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1596	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2334	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021070812	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/401.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-57459 // VULMON: CVE-2021-1596 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-389 // NVD: CVE-2021-1596

SOURCES

db:	CNVD	id:	CNVD-2021-57459
db:	VULMON	id:	CVE-2021-1596
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-389
db:	NVD	id:	CVE-2021-1596

LAST UPDATE DATE

2024-08-14T12:37:59.503000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-57459	date:	2021-08-02T00:00:00
db:	VULMON	id:	CVE-2021-1596	date:	2021-07-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-389	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-1596	date:	2023-11-07T03:28:44.453

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-57459	date:	2021-08-02T00:00:00
db:	VULMON	id:	CVE-2021-1596	date:	2021-07-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-389	date:	2021-07-07T00:00:00
db:	NVD	id:	CVE-2021-1596	date:	2021-07-08T19:15:09.507