Description

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Related CPE's

o

cisco

rv132w_firmware

3

h

cisco

rv132w

-

o

cisco

rv134w_firmware

3

h

cisco

rv134w

-

o

cisco

rv160_firmware

3

h

cisco

rv160

-

o

cisco

rv160w_firmware

3

h

cisco

rv160w

-

o

cisco

rv260_firmware

3

h

cisco

rv260

-

o

cisco

rv260p_firmware

3

h

cisco

rv260p

-

o

cisco

rv260w_firmware

3

h

cisco

rv260w

-

o

cisco

rv340_firmware

3

h

cisco

rv340

-

o

cisco

rv340w_firmware

3

h

cisco

rv340w

-

o

cisco

rv345_firmware

3

h

cisco

rv345

-

o

cisco

rv345p_firmware

3

h

cisco

rv345p

-

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-401

[email protected]

Secondary
CWE-119

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-08T04:15:12.063

4 years ago

Last modified

2023-11-07T03:27:55.893

1 year ago