CVE-2021-34770

{"id": "CVE-2021-34770", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2021-09-23T03:15:20.713", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-rce-LYgj8Kf", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en el procesamiento del protocolo Control and Provisioning of Wireless Access Points (CAPWAP) de Cisco IOS XE Software para Cisco Catalyst 9000 Family Wireless Controllers podr\u00eda permitir a un atacante remoto no autenticado ejecutar c\u00f3digo arbitrario con privilegios administrativos o causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad es debido a un error l\u00f3gico que se produce durante la comprobaci\u00f3n de los paquetes CAPWAP. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete CAPWAP dise\u00f1ado a un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario con privilegios administrativos o causar que el dispositivo afectado se bloquee y se recargue, lo que resulta en una condici\u00f3n de DoS"}], "lastModified": "2023-11-07T03:36:21.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.15.1xbs:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BF22C29-84DF-44CA-B574-FE04AB39E344"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.15.2xbs:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2C7C0BA-D618-4B65-B42C-43393167EEE0"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F35C623-6043-43A6-BBAA-478E185480CF"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB6BD18B-B9BD-452F-986E-16A6668E46B6"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADED0D82-2A4D-4235-BFAC-5EE2D862B652"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "763664F5-E6CD-4936-B2F8-C5E2D5EA7BB6"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "314C7763-A64D-4023-9F3F-9A821AE4151F"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5820D71D-FC93-45AA-BC58-A26A1A39C936"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC1C85DD-69CC-4AA8-B219-651D57FC3506"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B53E377A-0296-4D7A-B97C-576B0026543D"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9027A528-2588-4C06-810B-5BB313FE4323"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7745ED34-D59D-49CC-B174-96BCA03B3374"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1986DB1F-AD0A-42FE-8EC8-F18BA1AD4F99"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2t:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C6FB4DC-814D-49D2-BBE2-3861AE985A1C"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5750264-2990-4942-85F4-DB9746C5CA2B"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9173AD6-6658-4267-AAA7-D50D0B657528"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F02EE9D-45B1-43D6-B05D-6FF19472216B"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C1DBBCD-4C5A-43BB-8FB0-6F1AF99ED0D2"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E306B09C-CB48-4067-B60C-5F738555EEAC"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FF0DD16-D76A-45EA-B01A-20C71AEFA3B4"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BDD0CEC-4A19-438D-B2A1-8664A1D8F3C4"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89369318-2E83-489F-B872-5F2E247BBF8F"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B4D4659-A304-459F-8AB3-ED6D84B44C0F"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B7EE7C7-D6C1-4C35-8C80-EAF3FC7E7EFA"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B51FA707-8DB1-4596-9122-D4BFEF17F400"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "128F95D7-E49F-4B36-8F47-823C0298449E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_9800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A48E6CF0-7A3B-4D11-8D02-0CD38F2420E9"}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543"}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800-40_wireless_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E283C34-43AE-49A5-A72B-32DEA185ABD3"}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993"}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800-80_wireless_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ADB3AF13-5324-42CD-8EDB-6F730BF46214"}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF93F1C8-669F-4ECB-8D81-ECDA7B550175"}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0"}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40"}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA0BC769-C244-41BD-BE80-E67F4E1CDDA4"}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800_embedded_wireless_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "78706517-83F4-4D44-A6EC-B78ADCEABAC0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}