CVE-2021-34714

CVE Database · CVE-2021-34714

CVE-2021-34714

· HIGHModified

CVSS v3.1

7.4

EPSS

0.38%

Published

Sep 23, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (251)

cisco · fxos (up to 2.2.2.148)vulnerable

cisco · fxos (up to 2.3.1.216)vulnerable

cisco · fxos (up to 2.4.1.273)vulnerable

cisco · fxos (up to 2.6.1.224)vulnerable

cisco · fxos (up to 2.7.1.143)vulnerable

cisco · fxos (up to 2.8.1.143)vulnerable

cisco · fxos (up to 2.9.1.135)vulnerable

cisco · firepower_4100

cisco · firepower_4110

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-nxos-xr-udld-dos-W5hGHgtQ

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-nxos-xr-udld-dos-W5hGHgtQ

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs