Details of VAR-202108-0325

ID

VAR-202108-0325

CVE

CVE-2021-1593

TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in Cisco Packet Tracer for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path on the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow an attacker with normal user privileges to execute arbitrary code on the affected system with the privileges of another user’s account. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.62

sources: NVD: CVE-2021-1593 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374647 // VULMON: CVE-2021-1593

AFFECTED PRODUCTS

vendor:	cisco	model:	packet tracer	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	cisco	model:	packet tracer	scope:	eq	version:	7.2.1	Trust: 1.0
vendor:	cisco	model:	packet tracer	scope:	eq	version:	7.2.2	Trust: 1.0
vendor:	cisco	model:	packet tracer	scope:	eq	version:	7.3.1	Trust: 1.0
vendor:	cisco	model:	packet tracer	scope:	eq	version:	8.0	Trust: 1.0
vendor:	cisco	model:	packet tracer	scope:	eq	version:	7.3.0	Trust: 1.0

sources: NVD: CVE-2021-1593

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1593
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1593
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202108-379
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374647
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1593
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1593
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374647
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1593
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-374647 // VULMON: CVE-2021-1593 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-379 // NVD: CVE-2021-1593 // NVD: CVE-2021-1593

PROBLEMTYPE DATA

problemtype:

CWE-427

Trust: 1.1

sources: VULHUB: VHN-374647 // NVD: CVE-2021-1593

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-379

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Cisco Packet Tracer Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159083	Trust: 0.6
title:	Cisco: Cisco Packet Tracer for Windows DLL Injection Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-packettracer-dll-inj-Qv8Mk5Jx	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/critical-cisco-bug-vpn-routers/168449/	Trust: 0.1

sources: VULMON: CVE-2021-1593 // CNNVD: CNNVD-202108-379

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1593	Trust: 1.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021080515	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2628	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-379	Trust: 0.6
db:	VULHUB	id:	VHN-374647	Trust: 0.1
db:	VULMON	id:	CVE-2021-1593	Trust: 0.1

sources: VULHUB: VHN-374647 // VULMON: CVE-2021-1593 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-379 // NVD: CVE-2021-1593

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-packettracer-dll-inj-qv8mk5jx	Trust: 2.5
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021080515	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2628	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/427.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/critical-cisco-bug-vpn-routers/168449/	Trust: 0.1

sources: VULHUB: VHN-374647 // VULMON: CVE-2021-1593 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-379 // NVD: CVE-2021-1593

SOURCES

db:	VULHUB	id:	VHN-374647
db:	VULMON	id:	CVE-2021-1593
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202108-379
db:	NVD	id:	CVE-2021-1593

LAST UPDATE DATE

2024-08-14T12:58:32.994000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374647	date:	2021-08-11T00:00:00
db:	VULMON	id:	CVE-2021-1593	date:	2021-08-11T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202108-379	date:	2021-08-17T00:00:00
db:	NVD	id:	CVE-2021-1593	date:	2023-11-07T03:28:43.903

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374647	date:	2021-08-04T00:00:00
db:	VULMON	id:	CVE-2021-1593	date:	2021-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202108-379	date:	2021-08-04T00:00:00
db:	NVD	id:	CVE-2021-1593	date:	2021-08-04T18:15:08.633