Details of VAR-202107-0430

ID

VAR-202107-0430

CVE

CVE-2021-1597

TITLE

Cisco 7000 Series IP Camera Memory Leak Vulnerability (CNVD-2021-57458)

Trust: 0.6

sources: CNVD: CNVD-2021-57458

DESCRIPTION

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). The Cisco 7000 series IP camera is a 5-megapixel, high-definition, outdoor fixed dome camera with a vandal-proof housing with pan/tilt/zoom functions. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.07

sources: NVD: CVE-2021-1597 // CNVD: CNVD-2021-57458 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1597

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-57458

AFFECTED PRODUCTS

vendor:	cisco	model:	video surveillance 7070	scope:	lt	version:	2.12.4	Trust: 1.0
vendor:	cisco	model:	video surveillance 7530pd	scope:	lt	version:	2.12.4	Trust: 1.0
vendor:	cisco	model:	series ip camera	scope:	eq	version:	7000<2.12.4	Trust: 0.6

sources: CNVD: CNVD-2021-57458 // NVD: CVE-2021-1597

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1597
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1597
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2021-57458
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-383
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-1597
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-1597
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-57458
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-1597
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2021-57458 // VULMON: CVE-2021-1597 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-383 // NVD: CVE-2021-1597 // NVD: CVE-2021-1597

PROBLEMTYPE DATA

problemtype:

CWE-401

Trust: 1.0

sources: NVD: CVE-2021-1597

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202107-383

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-383

PATCH

title:	Patch for Cisco 7000 Series IP Camera Memory Leak Vulnerability (CNVD-2021-57458)	url:	https://www.cnvd.org.cn/patchInfo/show/283821	Trust: 0.6
title:	Cisco Video Surveillance 7000 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156218	Trust: 0.6
title:	Cisco: Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ipcamera-lldp-mem-wGqundTq	Trust: 0.1

sources: CNVD: CNVD-2021-57458 // VULMON: CVE-2021-1597 // CNNVD: CNNVD-202107-383

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1597	Trust: 2.3
db:	CNVD	id:	CNVD-2021-57458	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2334	Trust: 0.6
db:	CS-HELP	id:	SB2021070812	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-383	Trust: 0.6
db:	VULMON	id:	CVE-2021-1597	Trust: 0.1

sources: CNVD: CNVD-2021-57458 // VULMON: CVE-2021-1597 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-383 // NVD: CVE-2021-1597

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ipcamera-lldp-mem-wgqundtq	Trust: 3.0
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1597	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2334	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021070812	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/401.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-57458 // VULMON: CVE-2021-1597 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-383 // NVD: CVE-2021-1597

SOURCES

db:	CNVD	id:	CNVD-2021-57458
db:	VULMON	id:	CVE-2021-1597
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-383
db:	NVD	id:	CVE-2021-1597

LAST UPDATE DATE

2024-08-14T12:17:21.197000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-57458	date:	2021-08-02T00:00:00
db:	VULMON	id:	CVE-2021-1597	date:	2021-07-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-383	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-1597	date:	2023-11-07T03:28:44.640

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-57458	date:	2021-08-02T00:00:00
db:	VULMON	id:	CVE-2021-1597	date:	2021-07-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-383	date:	2021-07-07T00:00:00
db:	NVD	id:	CVE-2021-1597	date:	2021-07-08T19:15:09.737