CVE-2021-1308

7.4 HIGH

📋 TL;DR

Multiple flaws in the LLDP implementation of Cisco Small Business RV Series Routers let an unauthenticated attacker who is Layer 2 adjacent to the device send crafted LLDP packets that execute arbitrary code, leak memory, or force a reload (denial of service). Because LLDP is a link-local protocol, the attacker needs a port on the same network segment as an LLDP-enabled interface of the router; no credentials are required. Organizations running these routers with LLDP enabled on interfaces that untrusted hosts can reach are affected.

💻 Affected Systems

Products:
  • Cisco Small Business RV Series Routers
Versions: Affected and fixed versions are listed per model in the Cisco advisory; multiple firmware releases prior to the fixed releases are affected.
Operating Systems: Cisco RV Series router firmware (these devices do not run Cisco IOS; they are administered through a web interface)
Default Config Vulnerable: ⚠️ Yes
Notes: This page's assessment is that LLDP is enabled by default on these devices; confirm the current state on the LLDP settings page of the web interface rather than assuming it. Exploitation requires the attacker to be in the same broadcast domain (same VLAN or physical network segment) as an interface on which LLDP is enabled.

📦 What is this software?

Cisco Small Business RV Series routers are VPN/firewall routers aimed at small offices and branch sites. They are administered primarily through a web interface rather than an IOS-style command line, and LLDP is used on them for neighbor discovery by switches, IP phones and monitoring tools.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, persistent backdoor installation, and lateral movement within the network.

🟠 Likely Case: Denial of service through memory leaks or device reloads, disrupting network connectivity for connected users and services.

🟢 If Mitigated: With the fixed firmware installed, or LLDP disabled on every interface an untrusted host can reach, crafted LLDP packets are no longer parsed and the flaw is not reachable. If LLDP stays enabled on an unpatched, reachable interface, the residual risk is still a device reload or memory leak that disrupts connectivity until the router is restarted.

🌐 Internet-Facing: LOW - LLDP is a Layer 2 protocol and requires physical or VLAN adjacency, making internet exploitation unlikely.
🏢 Internal Only: HIGH - Attackers on the same network segment can exploit this without authentication, posing significant internal threat.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires Layer 2 adjacency and crafting of malicious LLDP packets. No authentication needed, but attacker must be on same network segment.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Cisco advisory for specific fixed versions per device model

Vendor Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe

Restart Required: Yes

Instructions:

1. Identify your RV Series router model.
2. Check the Cisco advisory for the fixed firmware version for that model.
3. Download the firmware from the Cisco support site.
4. Upload and install it via the web interface.
5. Reboot the router after installation, then confirm the new version on the system information page of the web interface.

🔧 Temporary Workarounds

Disable LLDP

Applies to: all affected versions

Disable Link Layer Discovery Protocol on every interface an untrusted host can reach, so that crafted LLDP packets are never parsed. RV Series routers are configured through the web interface (LLDP settings page; the exact menu location varies by model) and do not expose an IOS command line, so IOS-style commands such as "no lldp transmit" / "no lldp receive" do not apply to these devices. After the change, confirm from an adjacent host that the router no longer emits LLDP frames, for example with: tcpdump -i <iface> ether proto 0x88cc. Be aware that disabling LLDP also removes neighbor discovery for switches, IP phones and monitoring tools that rely on it.

Network Segmentation

Applies to: all affected versions

Place RV Series routers on VLANs or physical segments that contain only trusted infrastructure, so that untrusted hosts are never Layer 2 adjacent to an LLDP-enabled interface.

🧯 If You Can't Patch

  • Implement strict network segmentation so that only trusted infrastructure shares a broadcast domain with the router's LLDP-enabled interfaces
  • Remember that the attack frames must actually reach a router port: LLDP is addressed to a link-local multicast address (01:80:C2:00:00:0E) that standards-compliant switches consume rather than forward, so a managed switch between the attacker and the router typically stops them, whereas an unmanaged switch, a hub, or a host plugged directly into a router LAN port does not
  • Deploy network monitoring for anomalous LLDP traffic; note that ordinary IP ACLs do not filter LLDP, so restrictions have to be applied at the switch port (disable LLDP on ports facing untrusted hosts)

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version against the affected versions in the Cisco advisory. Then check whether LLDP is enabled on the LLDP settings page of the web interface; there is no IOS "show lldp neighbors" on these devices. As an independent check, capture on an adjacent host with: tcpdump -i <iface> ether proto 0x88cc. If the router's MAC address appears as a source, LLDP is on.

Check Version:

Open the system information / summary page of the web interface and read the firmware version there (RV Series routers have no IOS "show version" command).

Verify Fix Applied:

Confirm that the firmware version shown in the web interface matches the fixed version from the Cisco advisory for your model. If LLDP was disabled as a workaround and is re-enabled after patching, verify that neighbors are discovered again and that the router survives normal LLDP traffic from its switches.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device reboots
  • Memory allocation errors in system logs
  • LLDP protocol anomalies

Network Indicators:

  • Unusual LLDP traffic patterns (EtherType 0x88CC, destination 01:80:C2:00:00:0E), such as bursts far above the normal 30-second advertisement interval
  • LLDP frames with malformed TLVs: lengths that run past the end of the frame, missing or out-of-order mandatory TLVs (Chassis ID, Port ID, TTL), or oversized ID values
  • LLDP frames from MAC addresses that are not known switches, phones or other infrastructure on the segment
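The "malformed TLVs" indicator above is only useful if something actually checks TLV structure. Below is an added example, written for this page rather than taken from Cisco or the advisory, of an offline LLDP frame checker in Python: it parses the 2-byte TLV headers, refuses to trust a length that runs past the frame, and checks the mandatory TLV order and size limits from IEEE 802.1AB. The sample frames and the MAC address 02:00:de:ad:be:ef are constructed for the example; nothing here reproduces the Cisco flaw.

```python
"""Offline LLDP frame checker (added example, not Cisco code).
Walks the TLV chain the way a careful ingress parser should and reports
structural anomalies. Sample frames at the bottom are constructed."""
import struct
from dataclasses import dataclass

LLDP_ETHERTYPE = 0x88CC
LLDP_MCAST_DST = bytes.fromhex("0180c200000e")   # nearest-bridge LLDP multicast address
TLV_END, TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL = 0, 1, 2, 3
MAX_ID_LEN = 256                  # 802.1AB: Chassis ID / Port ID value is 2..256 octets
VALID_ID_SUBTYPES = range(1, 8)   # subtypes 1..7 are defined for both ID TLVs


@dataclass
class Tlv:
    type: int
    length: int
    value: bytes


def parse_lldpdu(payload: bytes):
    """Walk the TLV chain. Returns (tlvs, anomalies); never raises on bad input."""
    tlvs, anomalies = [], []
    off = 0
    while off < len(payload):
        if off + 2 > len(payload):
            anomalies.append(f"truncated TLV header at offset {off}")
            break
        (hdr,) = struct.unpack_from("!H", payload, off)
        tlv_type, tlv_len = hdr >> 9, hdr & 0x1FF        # 7-bit type, 9-bit length
        if off + 2 + tlv_len > len(payload):             # never trust the length blindly
            anomalies.append(f"TLV type {tlv_type} at offset {off} claims {tlv_len} bytes, "
                             f"only {len(payload) - off - 2} remain")
            break
        tlvs.append(Tlv(tlv_type, tlv_len, payload[off + 2:off + 2 + tlv_len]))
        off += 2 + tlv_len
        if tlv_type == TLV_END:
            if tlv_len != 0:
                anomalies.append("End of LLDPDU TLV with non-zero length")
            if off != len(payload):
                anomalies.append(f"{len(payload) - off} trailing bytes after End of LLDPDU")
            break
    else:                                                # ran out of bytes without an End TLV
        anomalies.append("no End of LLDPDU TLV")

    if [t.type for t in tlvs[:3]] != [TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL]:
        anomalies.append("mandatory TLVs missing or out of order")
    for t in tlvs:
        if t.type in (TLV_CHASSIS_ID, TLV_PORT_ID):
            if not 2 <= t.length <= MAX_ID_LEN:
                anomalies.append(f"TLV type {t.type} length {t.length} outside 2..{MAX_ID_LEN}")
            elif t.value[0] not in VALID_ID_SUBTYPES:
                anomalies.append(f"TLV type {t.type} has unknown subtype {t.value[0]}")
        elif t.type == TLV_TTL and t.length != 2:
            anomalies.append(f"TTL TLV length {t.length}, expected 2")
    return tlvs, anomalies


def check_lldp_frame(frame: bytes) -> list:
    """Validate Ethernet framing, then the LLDPDU. Empty list means the frame looks clean."""
    if len(frame) < 14:
        return ["frame shorter than an Ethernet header"]
    dst = frame[:6]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != LLDP_ETHERTYPE:
        return [f"ethertype 0x{ethertype:04x} is not LLDP"]
    anomalies = [] if dst == LLDP_MCAST_DST else [f"unexpected destination MAC {dst.hex(':')}"]
    _, tlv_anomalies = parse_lldpdu(frame[14:])
    return anomalies + tlv_anomalies


# --- constructed sample frames (not captured traffic) ------------------------
SRC = bytes.fromhex("0200deadbeef")                     # constructed, locally administered MAC


def tlv(tlv_type: int, value: bytes) -> bytes:
    assert len(value) <= 0x1FF, "length field is 9 bits"
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def eth(payload: bytes) -> bytes:
    return LLDP_MCAST_DST + SRC + struct.pack("!H", LLDP_ETHERTYPE) + payload


WELL_FORMED = eth(tlv(TLV_CHASSIS_ID, b"\x04" + SRC)    # subtype 4 = MAC address
                  + tlv(TLV_PORT_ID, b"\x05eth0")       # subtype 5 = interface name
                  + tlv(TLV_TTL, struct.pack("!H", 120))
                  + tlv(5, b"sw-constructed")           # System Name TLV
                  + tlv(TLV_END, b""))
# Length field says 511 bytes but only 7 follow: a parser trusting the header reads past the frame.
OVERCLAIMED_LENGTH = eth(struct.pack("!H", (TLV_CHASSIS_ID << 9) | 0x1FF) + b"\x04" + SRC)
# 300-byte Chassis ID: fits the 9-bit length field but exceeds the 256-octet maximum.
OVERSIZED_CHASSIS_ID = eth(tlv(TLV_CHASSIS_ID, b"\x07" + b"A" * 299)
                           + tlv(TLV_PORT_ID, b"\x07p1")
                           + tlv(TLV_TTL, struct.pack("!H", 120))
                           + tlv(TLV_END, b""))
# Mandatory TLVs present but the TTL is one byte short and there is no End TLV.
NO_END_SHORT_TTL = eth(tlv(TLV_CHASSIS_ID, b"\x04" + SRC)
                       + tlv(TLV_PORT_ID, b"\x05eth0")
                       + tlv(TLV_TTL, b"\x78"))
NOT_LLDP = LLDP_MCAST_DST + SRC + b"\x08\x06" + b"\x00" * 28   # ARP-sized frame, wrong ethertype

if __name__ == "__main__":
    for name, frame in (("WELL_FORMED", WELL_FORMED), ("OVERCLAIMED_LENGTH", OVERCLAIMED_LENGTH),
                        ("OVERSIZED_CHASSIS_ID", OVERSIZED_CHASSIS_ID),
                        ("NO_END_SHORT_TTL", NO_END_SHORT_TTL), ("NOT_LLDP", NOT_LLDP)):
        print(f"{name}: {check_lldp_frame(frame) or 'clean'}")
```

To run this over real traffic, capture with tcpdump -i <iface> ether proto 0x88cc -w lldp.pcap and pass each raw frame from the pcap to check_lldp_frame(); any non-empty result from a host that is not a known switch or phone is worth a look. The limits here are the IEEE 802.1AB ones, and the router's own parser may accept or reject differently, so treat findings as anomaly indicators rather than proof of exploitation.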

SIEM Query:

source="router_logs" AND ("reboot" OR "memory" OR "lldp") AND severity=ERROR

(Illustrative Splunk-style search; substitute the source and field names your collector assigns to the router's syslog feed, and baseline normal reboot frequency first so that scheduled restarts do not page anyone.)

🔗 References

  • Cisco Security Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-multi-lldp-u7e4chCe
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-1308