CVE-2021-1308

Published on: 04/08/2021 12:00:00 AM UTC

Last Modified on: 04/15/2021 01:35:00 PM UTC

CVE-2021-1308 - advisory for cisco-sa-rv-multi-lldp-u7e4chCe

Source: Mitre
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Certain versions of Rv132w from Cisco contain the following vulnerability:

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

  • CVE-2021-1308 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
  • Affected Vendor/Software: Cisco - Cisco Small Business RV Series Router Firmware version n/a

CVSS3 Score: 7.4 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
ADJACENT_NETWORK LOW NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
CHANGED NONE NONE HIGH

CVSS2 Score: 6.1 - MEDIUM

Access
Vector
Access
Complexity
Authentication
ADJACENT_NETWORK LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE NONE COMPLETE

CVE References

Description Tags Link
Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities tools.cisco.com
text/html
URL Logo CISCO 20210407 Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
HardwareCiscoRv132w-AllAllAll
Operating
System
CiscoRv132w Firmware1.0.0.14AllAllAll
Operating
System
CiscoRv132w Firmware1.0.1.14AllAllAll
Operating
System
CiscoRv132w Firmware1.0.1.20AllAllAll
HardwareCiscoRv134w-AllAllAll
Operating
System
CiscoRv134w Firmware1.0.0.14AllAllAll
Operating
System
CiscoRv134w Firmware1.0.1.14AllAllAll
Operating
System
CiscoRv134w Firmware1.0.1.20AllAllAll
HardwareCiscoRv160-AllAllAll
HardwareCiscoRv160w-AllAllAll
Operating
System
CiscoRv160w Firmware1.0.0.14AllAllAll
Operating
System
CiscoRv160w Firmware1.0.1.14AllAllAll
Operating
System
CiscoRv160w Firmware1.0.1.20AllAllAll
Operating
System
CiscoRv160 Firmware1.0.0.14AllAllAll
Operating
System
CiscoRv160 Firmware1.0.1.14AllAllAll
Operating
System
CiscoRv160 Firmware1.0.1.20AllAllAll
HardwareCiscoRv260-AllAllAll
HardwareCiscoRv260p-AllAllAll
Operating
System
CiscoRv260p Firmware1.0.0.14AllAllAll
Operating
System
CiscoRv260p Firmware1.0.1.14AllAllAll
Operating
System
CiscoRv260p Firmware1.0.1.20AllAllAll
HardwareCiscoRv260w-AllAllAll
Operating
System
CiscoRv260w Firmware1.0.0.14AllAllAll
Operating
System
CiscoRv260w Firmware1.0.1.14AllAllAll
Operating
System
CiscoRv260w Firmware1.0.1.20AllAllAll
Operating
System
CiscoRv260 Firmware1.0.0.14AllAllAll
Operating
System
CiscoRv260 Firmware1.0.1.14AllAllAll
Operating
System
CiscoRv260 Firmware1.0.1.20AllAllAll
HardwareCiscoRv340-AllAllAll
HardwareCiscoRv340w-AllAllAll
Operating
System
CiscoRv340w Firmware1.0.0.14AllAllAll
Operating
System
CiscoRv340w Firmware1.0.1.14AllAllAll
Operating
System
CiscoRv340w Firmware1.0.1.20AllAllAll
Operating
System
CiscoRv340 Firmware1.0.0.14AllAllAll
Operating
System
CiscoRv340 Firmware1.0.1.14AllAllAll
Operating
System
CiscoRv340 Firmware1.0.1.20AllAllAll
HardwareCiscoRv345-AllAllAll
HardwareCiscoRv345p-AllAllAll
Operating
System
CiscoRv345p Firmware1.0.0.14AllAllAll
Operating
System
CiscoRv345p Firmware1.0.1.14AllAllAll
Operating
System
CiscoRv345p Firmware1.0.1.20AllAllAll
Operating
System
CiscoRv345 Firmware1.0.0.14AllAllAll
Operating
System
CiscoRv345 Firmware1.0.1.14AllAllAll
Operating
System
CiscoRv345 Firmware1.0.1.20AllAllAll
  • cpe:2.3:h:cisco:rv132w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv132w_firmware:1.0.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv132w_firmware:1.0.1.20:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv134w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv134w_firmware:1.0.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv134w_firmware:1.0.1.20:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv160:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv160w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv160w_firmware:1.0.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv160w_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv160w_firmware:1.0.1.20:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv160_firmware:1.0.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv160_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv160_firmware:1.0.1.20:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv260:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv260p:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260p_firmware:1.0.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260p_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260p_firmware:1.0.1.20:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv260w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260w_firmware:1.0.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260w_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260w_firmware:1.0.1.20:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260_firmware:1.0.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv260_firmware:1.0.1.20:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv340w_firmware:1.0.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv340w_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv340w_firmware:1.0.1.20:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv340_firmware:1.0.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv340_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv340_firmware:1.0.1.20:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv345p_firmware:1.0.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv345p_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv345p_firmware:1.0.1.20:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv345_firmware:1.0.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv345_firmware:1.0.1.14:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:rv345_firmware:1.0.1.20:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2021-1308 : Multiple vulnerabilities exist in the Link Layer Discovery Protocol LLDP implementation for Cisco… twitter.com/i/web/status/1… 2021-04-08 04:16:30