Sign-up

ID

VAR-202107-0431


CVE

CVE-2021-1598


TITLE

Cisco 7000 Series IP Camera Memory Leak Vulnerability (CNVD-2021-57457)

Trust: 0.6

sources: CNVD: CNVD-2021-57457

DESCRIPTION

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). The Cisco 7000 series IP camera is a 5-megapixel, high-definition, outdoor fixed dome camera with a vandal-proof housing with pan/tilt/zoom functions. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.07

sources: NVD: CVE-2021-1598 // CNVD: CNVD-2021-57457 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1598

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-57457

AFFECTED PRODUCTS

vendor:ciscomodel:video surveillance 7070scope:ltversion:2.12.4

Trust: 1.0

vendor:ciscomodel:video surveillance 7530pdscope:ltversion:2.12.4

Trust: 1.0

vendor:ciscomodel:series ip camerascope:eqversion:7000<2.12.4

Trust: 0.6

sources: CNVD: CNVD-2021-57457 // NVD: CVE-2021-1598

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1598
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1598
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2021-57457
value: LOW

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-418
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-1598
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1598
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-57457
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-1598
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2021-57457 // VULMON: CVE-2021-1598 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-418 // NVD: CVE-2021-1598 // NVD: CVE-2021-1598

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.0

sources: NVD: CVE-2021-1598

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202107-418

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-418

PATCH

title:Patch for Cisco 7000 Series IP Camera Memory Leak Vulnerability (CNVD-2021-57457)url:https://www.cnvd.org.cn/patchInfo/show/283826

Trust: 0.6

title:Cisco: Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Memory Leak Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ipcamera-lldp-mem-wGqundTq

Trust: 0.1

sources: CNVD: CNVD-2021-57457 // VULMON: CVE-2021-1598

EXTERNAL IDS

db:NVDid:CVE-2021-1598

Trust: 2.3

db:CNVDid:CNVD-2021-57457

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2021.2334

Trust: 0.6

db:CS-HELPid:SB2021070812

Trust: 0.6

db:CNNVDid:CNNVD-202107-418

Trust: 0.6

db:VULMONid:CVE-2021-1598

Trust: 0.1

sources: CNVD: CNVD-2021-57457 // VULMON: CVE-2021-1598 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-418 // NVD: CVE-2021-1598

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ipcamera-lldp-mem-wgqundtq

Trust: 2.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2334

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021070812

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1598

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/401.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-57457 // VULMON: CVE-2021-1598 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-418 // NVD: CVE-2021-1598

SOURCES

db:CNVDid:CNVD-2021-57457
db:VULMONid:CVE-2021-1598
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202107-418
db:NVDid:CVE-2021-1598

LAST UPDATE DATE

2024-08-14T13:05:32.093000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-57457date:2021-08-02T00:00:00
db:VULMONid:CVE-2021-1598date:2021-07-13T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202107-418date:2021-08-24T00:00:00
db:NVDid:CVE-2021-1598date:2023-11-07T03:28:44.807

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-57457date:2021-08-02T00:00:00
db:VULMONid:CVE-2021-1598date:2021-07-08T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202107-418date:2021-07-08T00:00:00
db:NVDid:CVE-2021-1598date:2021-07-08T19:15:10.057