CVE-2021-1251

Published on: 04/08/2021 12:00:00 AM UTC

Last Modified on: 04/14/2021 09:32:00 PM UTC

CVE-2021-1251 - advisory for cisco-sa-rv-multi-lldp-u7e4chCe

Source: Mitre
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Certain versions of Rv132w from Cisco contain the following vulnerability:

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

  • CVE-2021-1251 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
  • Affected Vendor/Software: Cisco - Cisco Small Business RV Series Router Firmware version n/a

CVSS3 Score: 7.4 - HIGH

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
ADJACENT_NETWORK LOW NONE NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
CHANGED NONE NONE HIGH

CVSS2 Score: 6.1 - MEDIUM

Access
Vector		 Access
Complexity		 Authentication
ADJACENT_NETWORK LOW NONE
Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
NONE NONE COMPLETE

CVE References

Description Tags Link
Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities tools.cisco.com
text/html
 URL Logo CISCO 20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
HardwareCiscoRv132w-AllAllAll
Operating
System		CiscoRv132w Firmware1.0.1.14AllAllAll
Operating
System		CiscoRv132w Firmware1.0.3.20AllAllAll
HardwareCiscoRv134w-AllAllAll
Operating
System		CiscoRv134w Firmware1.0.1.14AllAllAll
Operating
System		CiscoRv134w Firmware1.0.3.20AllAllAll
HardwareCiscoRv160-AllAllAll
HardwareCiscoRv160w-AllAllAll
Operating
System		CiscoRv160w Firmware1.0.1.14AllAllAll
Operating
System		CiscoRv160w Firmware1.0.3.20AllAllAll
Operating
System		CiscoRv160 Firmware1.0.1.14AllAllAll
Operating
System		CiscoRv160 Firmware1.0.3.20AllAllAll
HardwareCiscoRv260-AllAllAll
HardwareCiscoRv260p-AllAllAll
Operating
System		CiscoRv260p Firmware1.0.1.14AllAllAll
Operating
System		CiscoRv260p Firmware1.0.3.20AllAllAll
HardwareCiscoRv260w-AllAllAll
Operating
System		CiscoRv260w Firmware1.0.1.14AllAllAll
Operating
System		CiscoRv260w Firmware1.0.3.20AllAllAll
Operating
System		CiscoRv260 Firmware1.0.1.14AllAllAll
Operating
System		CiscoRv260 Firmware1.0.3.20AllAllAll
HardwareCiscoRv340-AllAllAll
HardwareCiscoRv340w-AllAllAll
Operating
System		CiscoRv340w Firmware1.0.1.14AllAllAll
Operating
System		CiscoRv340w Firmware1.0.3.20AllAllAll
Operating
System		CiscoRv340 Firmware1.0.1.14AllAllAll
Operating
System		CiscoRv340 Firmware1.0.3.20AllAllAll
HardwareCiscoRv345-AllAllAll
HardwareCiscoRv345p-AllAllAll
Operating
System		CiscoRv345p Firmware1.0.1.14AllAllAll
Operating
System		CiscoRv345p Firmware1.0.3.20AllAllAll
Operating
System		CiscoRv345 Firmware1.0.1.14AllAllAll
Operating
System		CiscoRv345 Firmware1.0.3.20AllAllAll
  • cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv132w_firmware:1.0.3.20:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv134w_firmware:1.0.3.20:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv160w_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv160w_firmware:1.0.3.20:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv160_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv160_firmware:1.0.3.20:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260p_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260p_firmware:1.0.3.20:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260w_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260w_firmware:1.0.3.20:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260_firmware:1.0.3.20:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv340w_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv340w_firmware:1.0.3.20:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv340_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv340_firmware:1.0.3.20:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv345p_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv345p_firmware:1.0.3.20:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv345_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv345_firmware:1.0.3.20:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2021-1251 : Multiple vulnerabilities exist in the Link Layer Discovery Protocol LLDP implementation for Cisco… twitter.com/i/web/status/1… 2021-04-08 04:16:03