CVE-2021-1301
published 2021-01-20CVE-2021-1301: Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more…
PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.10%
79.4th percentile
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_sd-wan_solution | — | — |
| cisco | sd-wan | — | — |
| cisco | sd-wan_firmware | — | — |
| cisco | sd-wan_firmware | — | — |
| cisco | sd-wan_firmware | — | — |
| cisco | sd-wan_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2021-1301 affects Cisco SD-WAN products; track Cisco Bug IDs CSCvi69895 and CSCvt11525 for patch/version-based detection of vulnerable SD-WAN deployments. ↗
- →CVE-2021-1301 is a buffer overflow (CWE-119) with improper input validation (CWE-20) in Cisco SD-WAN; monitor for anomalous/oversized input to SD-WAN management or data-plane interfaces from unauthenticated remote sources. ↗
- ·No workarounds are available for these vulnerabilities; the only remediation is applying Cisco-released software updates. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco SD-WAN Buffer Overflow Vulnerabilities
vendor_cisco·2021-01-20·CVSS 9.8
CVE-2021-1300 [CRITICAL] CWE-119 Cisco SD-WAN Buffer Overflow Vulnerabilities
Cisco SD-WAN Buffer Overflow Vulnerabilities
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj
Cisco
Cisco SD-WAN Buffer Overflow Vulnerabilities
vendor_cisco·CVSS 3.0
CVE-2021-1301 Cisco SD-WAN Buffer Overflow Vulnerabilities
CVE-2021-1301: Cisco SD-WAN Buffer Overflow Vulnerabilities
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the
CVSS: 3.0
CWE: CWE-119, CWE-20, CWE-119, CWE-20
Bug IDs: CSCvi69895, CSCvt11525, CSCvt11525, CSCvi69895
GHSA
GHSA-75jh-gcr9-74rj: Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device
ghsa_unreviewed·2022-05-24
CVE-2021-1301 [CRITICAL] CWE-119 GHSA-75jh-gcr9-74rj: Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System
blogs_talos·2021-07-26·CVSS 7.8
[HIGH] Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System
Patrick DeSantis discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple vulnerabilities in the CODESYS Development System.
The CODESYS Development System is the IEC 61131-3 programming tool for industrial control and automation technology, available in 32- and 64-bit versions.
This software contains multiple unsafe deserialization vulnerabilities that could allow an attacker to execute arbitrary code on the victim machine. These issues exist across a variety of the software’s functions. For more information on these vulnerabilities, read their individual advisories below.
- TALOS-2021-1300 (CVE-2021-21863)
- TALOS-2021-1301 (CVE-2021-21864)
- TALOS-2021-1302 (CVE-2021-21865)
- TALOS-2021-1303 (CVE-2021-21866)
- TALOS-2021-1304 (CVE-2021-21867)
-
Talos
Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System
blogs_talos·2021-07-26·CVSS 7.8
[HIGH] Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System
## Vulnerability Spotlight: Unsafe deserialization vulnerabilities in CODESYS Development System
Patrick DeSantis discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple vulnerabilities in the CODESYS Development System.
The CODESYS Development System is the IEC 61131-3 programming tool for industrial control and automation technology, available in 32- and 64-bit versions.
This software contains multiple unsafe deserialization vulnerabilities that could allow an attacker to execute arbitrary code on the victim machine. These issues exist across a variety of the software’s functions. For more information on these vulnerabilities, read their individual advisories below.
TALOS-2021-1300 (CVE-2021-21863)
TALOS-2021-1301 (CVE-2021-21864)
TALOS-2021
2021-01-20
Published