CVE-2021-1350
Published 2021-01-20
Priority: P429 · medium · 5.3 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 1.28% (66.4th percentile)
A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. The vulnerability exists due to insufficient rate limiting controls in the web UI. An attacker could exploit this vulnerability by sending crafted HTTPS packets at a high and sustained rate. A successful exploit could allow the attacker to negatively affect the performance of the web UI. Cisco has addressed this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_umbrella_insights_virtual_appliance | — | — |
| cisco | umbrella_dashboard_packet_flood | — | — |
CVSS provenance
nvd · v3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_cisco · 5.3 MEDIUM
GHSA
GHSA-28r8-9g34-2x25: A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service
ghsa_unreviewed·2022-05-24
CVE-2021-1350 [MEDIUM] CWE-770 GHSA-28r8-9g34-2x25: A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service
Cisco
Cisco Umbrella Dashboard Packet Flood Vulnerability
vendor_cisco·2021-01-20·CVSS 5.3
CVE-2021-1350 [MEDIUM] CWE-770 Cisco Umbrella Dashboard Packet Flood Vulnerability
Cisco has addressed this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umb-dos-dgKzDEBP
Cisco
Cisco Umbrella Dashboard Packet Flood Vulnerability
vendor_cisco·CVSS 3.1
CVSS: 3.1
CWE: CWE-770
Bug IDs: CSCvw61612
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple code execution vulnerabilities in LibreCAD
blogs_talos·2021-11-17·CVSS 8.8
CVE-2021-21898 [HIGH] Vulnerability Spotlight: Multiple code execution vulnerabilities in LibreCAD
Lilith >_> of Cisco Talos discovered this vulnerability.
Cisco Talos recently discovered three vulnerabilities in LibreCAD’s libdxfrw open-source library.
This library reads and writes .dxf and .dwg files — the primary file format for vector graphics in CAD software. LibreCAD, a free computer-aided design software for 2-D models, uses libdxfrw.
TALOS-2021-1349 (CVE-2021-21898) and TALOS-2021-1350 (CVE-2021-21899) can trigger buffer overflows if an attacker tricks the user into opening a specially crafted DWG file, eventually allowing the attacker to execute code on the victim machine. TALOS-2021-1351 (CVE-2021-21900) works in a similar manner, but with a DXF file instead. Cisco Talos worked with LibreCAD to ensure that these issues are resolved and an update is available for affect