cvelistv5 - cve-2021-34699

CVE-2021-34699 (GCVE-0-2021-34699)

Vulnerability from cvelistv5

Published

2021-09-23 02:25

Modified

2024-11-18 20:47

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-435

Summary

A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

References

URL

Tags

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2

vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:19:48.092Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210922 Cisco IOS and IOS XE Software  TrustSec CLI Parser Denial of Service  Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-34699",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-08T16:58:34.389966Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-18T20:47:47.863Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-09-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-435",
              "description": "CWE-435",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-23T02:25:42.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210922 Cisco IOS and IOS XE Software  TrustSec CLI Parser Denial of Service  Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2"
        }
      ],
      "source": {
        "advisory": "cisco-sa-trustsec-dos-7fuXDR2",
        "defect": [
          [
            "CSCvx66699"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS and IOS XE Software  TrustSec CLI Parser Denial of Service  Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-09-22T16:00:00",
          "ID": "CVE-2021-34699",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS and IOS XE Software  TrustSec CLI Parser Denial of Service  Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.7",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-435"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210922 Cisco IOS and IOS XE Software  TrustSec CLI Parser Denial of Service  Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-trustsec-dos-7fuXDR2",
          "defect": [
            [
              "CSCvx66699"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-34699",
    "datePublished": "2021-09-23T02:25:42.458Z",
    "dateReserved": "2021-06-15T00:00:00.000Z",
    "dateUpdated": "2024-11-18T20:47:47.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2\", \"name\": \"20210922 Cisco IOS and IOS XE Software  TrustSec CLI Parser Denial of Service  Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T00:19:48.092Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-34699\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-08T16:58:34.389966Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-18T20:47:38.241Z\"}}], \"cna\": {\"title\": \"Cisco IOS and IOS XE Software  TrustSec CLI Parser Denial of Service  Vulnerability\", \"source\": {\"defect\": [[\"CSCvx66699\"]], \"advisory\": \"cisco-sa-trustsec-dos-7fuXDR2\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2021-09-22T00:00:00.000Z\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2\", \"name\": \"20210922 Cisco IOS and IOS XE Software  TrustSec CLI Parser Denial of Service  Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-435\", \"description\": \"CWE-435\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2021-09-23T02:25:42.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"7.7\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\"}}, \"source\": {\"defect\": [[\"CSCvx66699\"]], \"advisory\": \"cisco-sa-trustsec-dos-7fuXDR2\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco IOS\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2\", \"name\": \"20210922 Cisco IOS and IOS XE Software  TrustSec CLI Parser Denial of Service  Vulnerability\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an improper interaction between the web UI and the CLI parser. An attacker could exploit this vulnerability by requesting a particular CLI command to be run through the web UI. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-435\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-34699\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco IOS and IOS XE Software  TrustSec CLI Parser Denial of Service  Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2021-09-22T16:00:00\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-34699\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-18T20:47:47.863Z\", \"dateReserved\": \"2021-06-15T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2021-09-23T02:25:42.458Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2021-AVI-728

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	IOS XE	Cisco IOS XE SD-WAN Software
Cisco	N/A	Cisco Catalyst IW6300 Heavy Duty Series APs
Cisco	N/A	Cisco Catalyst 9100 APs
Cisco	N/A	Cisco Aironet 2800 Series APs
Cisco	N/A	Cisco 1000 Integrated Services Routers (ISRs)
Cisco	N/A	Cisco Aironet 1540 Series APs
Cisco	IOS XE	Cisco IOS XE Software
Cisco	N/A	Cisco Aironet 1800 Series APs
Cisco	N/A	Cisco 4000 Series ISRs
Cisco	N/A	Cisco cBR-8 Converged Broadband Routers
Cisco	N/A	Cisco Aironet 4800 APs
Cisco	N/A	Cisco Embedded Wireless Controller on Catalyst Access Points
Cisco	N/A	Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
Cisco	N/A	Cisco 6300 Series Embedded Services APs
Cisco	N/A	Cisco Aironet 1560 Series
Cisco	N/A	Cisco Cloud Services Router (CSR) 1000V Series
Cisco	N/A	Cisco Integrated APs on 1100 Integrated Services Routers (ISRs)
Cisco	IOS	Cisco IOS
Cisco	N/A	Cisco Catalyst IW 6300 APs
Cisco	N/A	Cisco Catalyst 9800 Series Wireless Controllers
Cisco	N/A	Cisco Cloud Services Router 1000V Series
Cisco	N/A	Cisco Catalyst 9800 Wireless Controller for Cloud
Cisco	N/A	Cisco Integrated Services Virtual (ISRv) Routers
Cisco	N/A	Cisco Aironet 3800 Series APs
Cisco	N/A	Cisco ASR 1000 Series Aggregation Services Routers
Cisco	N/A	Cisco 1000 Series Integrated Services Routers (ISRs)
Cisco	N/A	Cisco Catalyst 9800 Wireless Controllers
Cisco	N/A	Cisco Aironet 1800 APs
Cisco	N/A	Cisco Catalyst 9800-CL Wireless Controllers for Cloud
Cisco	N/A	Cisco EWC Software for Catalyst APs
Cisco	N/A	Cisco Catalyst 9800 Wireless Controllers for Cloud
Cisco	N/A	Cisco Integrated Access Point on 1100 Integrated Services Routers
Cisco	N/A	Cisco Aironet 1540 Series
Cisco	N/A	Cisco ESW6300 Series APs
Cisco	N/A	Cisco Aironet 1560 Series APs

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-cbr8-cops-Vc2ZsJSx du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-aaa-Yx47ZT8Q du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxesdwan-rbuffover-vE2OB6tp du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ewlc-gre-6u4ELzAT du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-fxo-pattern-bypass-jUXgygYv du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-quewedge-69BsHUBW du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ratenat-pYVLA7wM du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ikev2-ebFrwMPr du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ewlc-capwap-rce-LYgj8Kf du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-airo-wpa-pktleak-dos-uSTyGrL du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iosxe-ewc-dos-g6JruHRT du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-cbr8snmp-zGjkZ9Fc du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ewlc-capwap-dos-gmNjdKOY du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-cisco-ap-LLjsGxv du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-trustsec-dos-7fuXDR2 du 22 septembre 2021	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ewlc-ipv6-dos-NMYeCnZv du 22 septembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco IOS XE SD-WAN Software",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst IW6300 Heavy Duty Series APs",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 9100 APs",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 2800 Series APs",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 1000 Integrated Services Routers (ISRs)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1540 Series APs",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS XE Software",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1800 Series APs",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 4000 Series ISRs",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco cBR-8 Converged Broadband Routers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 4800 APs",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Embedded Wireless Controller on Catalyst Access Points",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 6300 Series Embedded Services APs",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1560 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Cloud Services Router (CSR) 1000V Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Integrated APs on 1100 Integrated Services Routers (ISRs)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst IW 6300 APs",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 9800 Series Wireless Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Cloud Services Router 1000V Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 9800 Wireless Controller for Cloud",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Integrated Services Virtual (ISRv) Routers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 3800 Series APs",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASR 1000 Series Aggregation Services Routers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco 1000 Series Integrated Services Routers (ISRs)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 9800 Wireless Controllers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1800 APs",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 9800-CL Wireless Controllers for Cloud",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco EWC Software for Catalyst APs",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Catalyst 9800 Wireless Controllers for Cloud",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Integrated Access Point on 1100 Integrated Services Routers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1540 Series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ESW6300 Series APs",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Aironet 1560 Series APs",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-1565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1565"
    },
    {
      "name": "CVE-2021-34769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34769"
    },
    {
      "name": "CVE-2021-34770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34770"
    },
    {
      "name": "CVE-2021-1621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1621"
    },
    {
      "name": "CVE-2021-1419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1419"
    },
    {
      "name": "CVE-2021-1615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1615"
    },
    {
      "name": "CVE-2021-34727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34727"
    },
    {
      "name": "CVE-2021-34699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34699"
    },
    {
      "name": "CVE-2021-34768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34768"
    },
    {
      "name": "CVE-2021-1611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1611"
    },
    {
      "name": "CVE-2021-34740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34740"
    },
    {
      "name": "CVE-2021-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1620"
    },
    {
      "name": "CVE-2021-34767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34767"
    },
    {
      "name": "CVE-2021-1623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1623"
    },
    {
      "name": "CVE-2021-1624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1624"
    },
    {
      "name": "CVE-2021-1622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1622"
    },
    {
      "name": "CVE-2021-34705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34705"
    },
    {
      "name": "CVE-2021-1619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1619"
    }
  ],
  "initial_release_date": "2021-09-23T00:00:00",
  "last_revision_date": "2021-09-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-728",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cbr8-cops-Vc2ZsJSx du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbr8-cops-Vc2ZsJSx"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-aaa-Yx47ZT8Q du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaa-Yx47ZT8Q"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxesdwan-rbuffover-vE2OB6tp du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-rbuffover-vE2OB6tp"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ewlc-gre-6u4ELzAT du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-gre-6u4ELzAT"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-fxo-pattern-bypass-jUXgygYv du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxo-pattern-bypass-jUXgygYv"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-quewedge-69BsHUBW du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-quewedge-69BsHUBW"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ratenat-pYVLA7wM du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ratenat-pYVLA7wM"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ikev2-ebFrwMPr du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-ebFrwMPr"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ewlc-capwap-rce-LYgj8Kf du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-rce-LYgj8Kf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-airo-wpa-pktleak-dos-uSTyGrL du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-ewc-dos-g6JruHRT du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cbr8snmp-zGjkZ9Fc du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbr8snmp-zGjkZ9Fc"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ewlc-capwap-dos-gmNjdKOY du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-dos-gmNjdKOY"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cisco-ap-LLjsGxv du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-ap-LLjsGxv"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-trustsec-dos-7fuXDR2 du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-trustsec-dos-7fuXDR2"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ewlc-ipv6-dos-NMYeCnZv du 22 septembre 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-ipv6-dos-NMYeCnZv"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-34699 (GCVE-0-2021-34699)

Vulnerability from cvelistv5

CERTFR-2021-AVI-728

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature