CVE-2021-1615 - OpenCVE

A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Catalyst 9105 Catalyst 9115 Catalyst 9117 Catalyst 9120 Catalyst 9124 Catalyst 9130 Embedded Wireless Controller

Configuration 1 [-]

AND

cpe:2.3:a:cisco:embedded_wireless_controller:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:catalyst_9105:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115:-:::::::*
	cpe:2.3:h:cisco:catalyst_9117:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120:-:::::::*
	cpe:2.3:h:cisco:catalyst_9124:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130:-:::::::*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-09-23T02:30:45.294570Z

Updated: 2024-09-17T03:34:03.057Z

Reserved: 2020-11-13T00:00:00

Link: CVE-2021-1615

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-09-23T03:15:12.470

Modified: 2023-11-07T03:28:47.423

Link: CVE-2021-1615

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-09-22T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-410", "description": "CWE-410", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-23T02:30:45", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20210922 Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT"}], "source": {"advisory": "cisco-sa-iosxe-ewc-dos-g6JruHRT", "defect": [["CSCvy04449"]], "discovery": "INTERNAL"}, "title": "Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-09-22T16:00:00", "ID": "CVE-2021-1615", "STATE": "PUBLIC", "TITLE": "Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS XE Software", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "8.6", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-410"}]}]}, "references": {"reference_data": [{"name": "20210922 Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT"}]}, "source": {"advisory": "cisco-sa-iosxe-ewc-dos-g6JruHRT", "defect": [["CSCvy04449"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:18:10.808Z"}, "title": "CVE Program Container", "references": [{"name": "20210922 Cisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1615", "datePublished": "2021-09-23T02:30:45.294570Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-09-17T03:34:03.057Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:embedded_wireless_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A643D3A-AF4A-4408-A3D9-E29059FA5246", "versionEndIncluding": "17.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_9105:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F3CCCFE-88CC-4F7B-8958-79CA62516EA9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9115:-:*:*:*:*:*:*:*", "matchCriteriaId": "4081C532-3B10-4FBF-BB22-5BA17BC6FCF8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9117:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FCE2220-E2E6-4A17-9F0A-2C927FAB4AA5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9120:-:*:*:*:*:*:*:*", "matchCriteriaId": "A47C2D6F-8F90-4D74-AFE1-EAE954021F46", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9124:-:*:*:*:*:*:*:*", "matchCriteriaId": "C11EF240-7599-4138-B7A7-17E4479F5B83", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1C8E35A-5A9B-4D56-A753-937D5CFB5B19", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the packet processing functionality of Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected AP. This vulnerability is due to insufficient buffer allocation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to exhaust available resources and cause a DoS condition on an affected AP, as well as a DoS condition for client traffic traversing the AP."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad packet processing de Cisco Embedded Wireless Controller (EWC) Software for Catalyst Access Points (APs) podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un AP afectado. Esta vulnerabilidad es debido a una asignaci\u00f3n insuficiente del b\u00fafer. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de tr\u00e1fico dise\u00f1ado a un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante agotar los recursos disponibles y causar una condici\u00f3n de DoS en un AP afectado, as\u00ed como una condici\u00f3n de DoS para el tr\u00e1fico del cliente que atraviesa el AP"}], "id": "CVE-2021-1615", "lastModified": "2023-11-07T03:28:47.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2021-09-23T03:15:12.470", "references": [{"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-ewc-dos-g6JruHRT"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-410"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}