{"containers": {"cna": {"affected": [{"product": "Cisco RoomOS Software", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-10-06T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot."}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-06T19:45:59.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20211006 Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT"}], "source": {"advisory": "cisco-sa-tpce-rmos-mem-dos-rck56tT", "defect": [["CSCvy60378"]], "discovery": "INTERNAL"}, "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-10-06T16:00:00", "ID": "CVE-2021-34758", "STATE": "PUBLIC", "TITLE": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco RoomOS Software", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot."}]}, "exploit": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "4.4", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-732"}]}]}, "references": {"reference_data": [{"name": "20211006 Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT"}]}, "source": {"advisory": "cisco-sa-tpce-rmos-mem-dos-rck56tT", "defect": [["CSCvy60378"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:19:48.204Z"}, "title": "CVE Program Container", "references": [{"name": "20211006 Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-07T21:40:10.365702Z", "id": "CVE-2021-34758", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T21:49:06.830Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-34758", "datePublished": "2021-10-06T19:45:59.401Z", "dateReserved": "2021-06-15T00:00:00.000Z", "dateUpdated": "2024-11-07T21:49:06.830Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT", "name": "20211006 Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:19:48.204Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-34758", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-07T21:40:10.365702Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T21:40:58.817Z"}}], "cna": {"title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability", "source": {"defect": [["CSCvy60378"]], "advisory": "cisco-sa-tpce-rmos-mem-dos-rck56tT", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco RoomOS Software", "versions": [{"status": "affected", "version": "n/a"}]}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2021-10-06T00:00:00.000Z", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT", "name": "20211006 Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2021-10-06T19:45:59.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "4.4", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}}, "source": {"defect": [["CSCvy60378"]], "advisory": "cisco-sa-tpce-rmos-mem-dos-rck56tT", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "Cisco RoomOS Software"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT", "name": "20211006 Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability", "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-732"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-34758", "STATE": "PUBLIC", "TITLE": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-10-06T16:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2021-34758", "state": "PUBLISHED", "dateUpdated": "2024-11-07T21:49:06.830Z", "dateReserved": "2021-06-15T00:00:00.000Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2021-10-06T19:45:59.401Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:*:*:*:*:*:*:*:*", "matchCriteriaId": "057A5B8F-EE83-451C-842F-7365A8F2146C", "versionEndExcluding": "10.7.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:roomos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F84713E-C1CE-4CAA-A5AC-A92E1FA8DC09", "versionEndExcluding": "10.7.1.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot."}, {"lang": "es", "value": "Una vulnerabilidad en la administraci\u00f3n de la memoria del software Cisco TelePresence Collaboration Endpoint (CE) y del software Cisco RoomOS, podr\u00eda permitir a un atacante local autenticado corromper un segmento de memoria compartida, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad es debido a los insuficientes controles de acceso a un recurso de memoria compartida. Un atacante podr\u00eda explotar esta vulnerabilidad al corromper un segmento de memoria compartida en un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar la recarga del dispositivo. El dispositivo se recuperar\u00e1 de la corrupci\u00f3n al reiniciar"}], "id": "CVE-2021-34758", "lastModified": "2024-11-21T06:11:08.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-06T20:15:12.590", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tpce-rmos-mem-dos-rck56tT"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}