CVE-2021-1590

EPSS 0.82%
Veröffentlicht 25.08.2021 20:15:11
Zuletzt bearbeitet 21.11.2024 05:44:41
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the implementation of the system login block-for command when an attack is detected and acted upon. An attacker could exploit this vulnerability by performing a brute-force login attack on an affected device. A successful exploit could allow the attacker to cause a login process to reload, which could result in a delay during authentication to the affected device.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Nx-os Version7.0(3)i4(0.116)

   Cisco ≫ Nexus 3000 Version-
   Cisco ≫ Nexus 3048 Version-
   Cisco ≫ Nexus 31108pc-v Version-
   Cisco ≫ Nexus 31108tc-v Version-
   Cisco ≫ Nexus 31128pq Version-
   Cisco ≫ Nexus 3132c-z Version-
   Cisco ≫ Nexus 3132q-v Version-
   Cisco ≫ Nexus 3132q-x/3132q-xl Version-
   Cisco ≫ Nexus 3164q Version-
   Cisco ≫ Nexus 3172pq/pq-xl Version-
   Cisco ≫ Nexus 3172tq-xl Version-
   Cisco ≫ Nexus 3232c Version-
   Cisco ≫ Nexus 3264c-e Version-
   Cisco ≫ Nexus 3264q Version-
   Cisco ≫ Nexus 3408-s Version-
   Cisco ≫ Nexus 34180yc Version-
   Cisco ≫ Nexus 3432d-s Version-
   Cisco ≫ Nexus 3464c Version-
   Cisco ≫ Nexus 3524-x/xl Version-
   Cisco ≫ Nexus 3548-x/xl Version-
   Cisco ≫ Nexus 36180yc-r Version-
   Cisco ≫ Nexus 3636c-r Version-
   Cisco ≫ Nexus 5548p Version-
   Cisco ≫ Nexus 5548up Version-
   Cisco ≫ Nexus 5596t Version-
   Cisco ≫ Nexus 5596up Version-
   Cisco ≫ Nexus 56128p Version-
   Cisco ≫ Nexus 5624q Version-
   Cisco ≫ Nexus 5648q Version-
   Cisco ≫ Nexus 5672up Version-
   Cisco ≫ Nexus 5672up-16g Version-
   Cisco ≫ Nexus 5696q Version-
   Cisco ≫ Nexus 6001 Version-
   Cisco ≫ Nexus 6004 Version-
   Cisco ≫ Nexus 7000 10-slot Version-
   Cisco ≫ Nexus 7000 18-slot Version-
   Cisco ≫ Nexus 7000 4-slot Version-
   Cisco ≫ Nexus 7000 9-slot Version-
   Cisco ≫ Nexus 7000 Supervisor 1 Version-
   Cisco ≫ Nexus 7000 Supervisor 2 Version-
   Cisco ≫ Nexus 7000 Supervisor 2e Version-
   Cisco ≫ Nexus 7004 Version-
   Cisco ≫ Nexus 7009 Version-
   Cisco ≫ Nexus 7010 Version-
   Cisco ≫ Nexus 7018 Version-
   Cisco ≫ Nexus 7700 Version-
   Cisco ≫ Nexus 7700 10-slot Version-
   Cisco ≫ Nexus 7700 18-slot Version-
   Cisco ≫ Nexus 7700 2-slot Version-
   Cisco ≫ Nexus 7700 6-slot Version-
   Cisco ≫ Nexus 7700 Supervisor 2e Version-
   Cisco ≫ Nexus 7700 Supervisor 3e Version-
   Cisco ≫ Nexus 7702 Version-
   Cisco ≫ Nexus 7706 Version-
   Cisco ≫ Nexus 7710 Version-
   Cisco ≫ Nexus 7718 Version-
   Cisco ≫ Nexus 9000v Version-
   Cisco ≫ Nexus 92160yc-x Version-
   Cisco ≫ Nexus 92300yc Version-
   Cisco ≫ Nexus 92304qc Version-
   Cisco ≫ Nexus 92348gc-x Version-
   Cisco ≫ Nexus 9236c Version-
   Cisco ≫ Nexus 9272q Version-
   Cisco ≫ Nexus 93108tc-ex Version-
   Cisco ≫ Nexus 93108tc-ex-24 Version-
   Cisco ≫ Nexus 93108tc-fx Version-
   Cisco ≫ Nexus 93108tc-fx-24 Version-
   Cisco ≫ Nexus 93108tc-fx3p Version-
   Cisco ≫ Nexus 93120tx Version-
   Cisco ≫ Nexus 93128tx Version-
   Cisco ≫ Nexus 9316d-gx Version-
   Cisco ≫ Nexus 93180lc-ex Version-
   Cisco ≫ Nexus 93180yc-ex Version-
   Cisco ≫ Nexus 93180yc-ex-24 Version-
   Cisco ≫ Nexus 93180yc-fx Version-
   Cisco ≫ Nexus 93180yc-fx-24 Version-
   Cisco ≫ Nexus 93180yc-fx3 Version-
   Cisco ≫ Nexus 93180yc-fx3s Version-
   Cisco ≫ Nexus 93216tc-fx2 Version-
   Cisco ≫ Nexus 93240yc-fx2 Version-
   Cisco ≫ Nexus 9332c Version-
   Cisco ≫ Nexus 9332pq Version-
   Cisco ≫ Nexus 93360yc-fx2 Version-
   Cisco ≫ Nexus 9336c-fx2 Version-
   Cisco ≫ Nexus 9336c-fx2-e Version-
   Cisco ≫ Nexus 9348gc-fxp Version-
   Cisco ≫ Nexus 93600cd-gx Version-
   Cisco ≫ Nexus 9364c Version-
   Cisco ≫ Nexus 9364c-gx Version-
   Cisco ≫ Nexus 9372px Version-
   Cisco ≫ Nexus 9372px-e Version-
   Cisco ≫ Nexus 9372tx Version-
   Cisco ≫ Nexus 9372tx-e Version-
   Cisco ≫ Nexus 9396px Version-
   Cisco ≫ Nexus 9396tx Version-
   Cisco ≫ Nexus 9508 Version-

Cisco ≫ Nx-os Version7.3(7)n1(1b)

Cisco ≫ Unified Computing System Version < 4.0\(4m\)

   Cisco ≫ Unified Computing System 6248up Version-
   Cisco ≫ Unified Computing System 6296up Version-
   Cisco ≫ Unified Computing System 6324 Version-
   Cisco ≫ Unified Computing System 6332 Version-
   Cisco ≫ Unified Computing System 6332-16up Version-

Cisco ≫ Unified Computing System Version >= 4.1 < 4.1\(3d\)

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.82%	0.721

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
psirt@cisco.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-1590

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-1590

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-1590

EUVD