Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2021-1309

Published

3 years ago

Last Modified

5 months ago

CVSSv2.0 Severity

High

CVSSv3.1 Severity

High

Impact Analysis

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)..

CVSSv2.0 Score

Severity: High
Base Score: 8.3/10
Exploit Score: 6.5/10
Access Vector: Adjacent_network
Access Complexity: Low
Authentication Required: None
Impact Score: 10/10
Confidentiality Impact: Complete
Availability Impact: Complete
Integrity Impact: Complete

CVSSv3.1 Score

Severity: High
Base Score: 8.8/10
Exploit Score: 2.8/10
Access Vector: Adjacent_network
Access Complexity: Low
Privileges Required: None
Impact Score: 5.9/10
Confidentiality Impact: High
Availability Impact: High
Integrity Impact: High
Scope: Unchanged
User Interaction: None

Products Affected

CPE	Affected	Excluding
cpe:2.3:o:cisco:rv132w_firmware:1.0.0.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv132w_firmware:1.0.1.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv132w_firmware:1.0.1.20:::::::*	Yes	-
cpe:2.3:h:cisco:rv132w:-:::::::*	No	-
cpe:2.3:o:cisco:rv134w_firmware:1.0.0.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv134w_firmware:1.0.1.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv134w_firmware:1.0.1.20:::::::*	Yes	-
cpe:2.3:h:cisco:rv134w:-:::::::*	No	-
cpe:2.3:o:cisco:rv160_firmware:1.0.0.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv160_firmware:1.0.1.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv160_firmware:1.0.1.20:::::::*	Yes	-
cpe:2.3:h:cisco:rv160:-:::::::*	No	-
cpe:2.3:o:cisco:rv160w_firmware:1.0.0.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv160w_firmware:1.0.1.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv160w_firmware:1.0.1.20:::::::*	Yes	-
cpe:2.3:h:cisco:rv160w:-:::::::*	No	-
cpe:2.3:o:cisco:rv260_firmware:1.0.0.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv260_firmware:1.0.1.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv260_firmware:1.0.1.20:::::::*	Yes	-
cpe:2.3:h:cisco:rv260:-:::::::*	No	-
cpe:2.3:o:cisco:rv260p_firmware:1.0.0.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv260p_firmware:1.0.1.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv260p_firmware:1.0.1.20:::::::*	Yes	-
cpe:2.3:h:cisco:rv260p:-:::::::*	No	-
cpe:2.3:o:cisco:rv260w_firmware:1.0.0.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv260w_firmware:1.0.1.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv260w_firmware:1.0.1.20:::::::*	Yes	-
cpe:2.3:h:cisco:rv260w:-:::::::*	No	-
cpe:2.3:o:cisco:rv340_firmware:1.0.0.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv340_firmware:1.0.1.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv340_firmware:1.0.1.20:::::::*	Yes	-
cpe:2.3:h:cisco:rv340:-:::::::*	No	-
cpe:2.3:o:cisco:rv340w_firmware:1.0.0.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv340w_firmware:1.0.1.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv340w_firmware:1.0.1.20:::::::*	Yes	-
cpe:2.3:h:cisco:rv340w:-:::::::*	No	-
cpe:2.3:o:cisco:rv345_firmware:1.0.0.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv345_firmware:1.0.1.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv345_firmware:1.0.1.20:::::::*	Yes	-
cpe:2.3:h:cisco:rv345:-:::::::*	No	-
cpe:2.3:o:cisco:rv345p_firmware:1.0.0.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv345p_firmware:1.0.1.14:::::::*	Yes	-
cpe:2.3:o:cisco:rv345p_firmware:1.0.1.20:::::::*	Yes	-
cpe:2.3:h:cisco:rv345p:-:::::::*	No	-

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-