CVE-2021-34720

EPSS 1.02%
Published 09.09.2021 05:15:11
Last modified 21.11.2024 06:11:02
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Xr Version < 6.2.3

   Cisco ≫ Asr 9000v-v2 Version-
   Cisco ≫ Asr 9001 Version-
   Cisco ≫ Asr 9006 Version-
   Cisco ≫ Asr 9010 Version-
   Cisco ≫ Asr 9901 Version-
   Cisco ≫ Asr 9902 Version-
   Cisco ≫ Asr 9903 Version-
   Cisco ≫ Asr 9904 Version-
   Cisco ≫ Asr 9906 Version-
   Cisco ≫ Asr 9910 Version-
   Cisco ≫ Asr 9912 Version-
   Cisco ≫ Asr 9922 Version-

Cisco ≫ Ios Xr Version >= 6.3.0 < 6.3.2

Cisco ≫ Ios Xr Version >= 6.5.0 < 7.2.2

Cisco ≫ Ios Xr Version < 6.2.3

Cisco ≫ Ios Xrv Version-
Cisco ≫ Ios Xrv 9000 Version-

Cisco ≫ Ios Xr Version >= 6.3.0 < 6.3.2

Cisco ≫ Ios Xrv Version-
Cisco ≫ Ios Xrv 9000 Version-

Cisco ≫ Ios Xr Version >= 6.5.0 < 7.2.2

Cisco ≫ Ios Xrv Version-
Cisco ≫ Ios Xrv 9000 Version-

Cisco ≫ Ios Xr Version < 6.2.3

   Cisco ≫ Ncs 520 Version-
   Cisco ≫ Ncs 540 Version-
   Cisco ≫ Ncs 540 Fronthaul Version-
   Cisco ≫ Ncs 560-4 Version-
   Cisco ≫ Ncs 560-7 Version-

Cisco ≫ Ios Xr Version >= 6.3.0 < 6.3.2

   Cisco ≫ Ncs 520 Version-
   Cisco ≫ Ncs 540 Version-
   Cisco ≫ Ncs 540 Fronthaul Version-
   Cisco ≫ Ncs 560-4 Version-
   Cisco ≫ Ncs 560-7 Version-

Cisco ≫ Ios Xr Version >= 6.5.0 < 7.2.2

   Cisco ≫ Ncs 520 Version-
   Cisco ≫ Ncs 540 Version-
   Cisco ≫ Ncs 540 Fronthaul Version-
   Cisco ≫ Ncs 560-4 Version-
   Cisco ≫ Ncs 560-7 Version-

Cisco ≫ Ios Xr Version < 6.2.3

   Cisco ≫ Ncs 5001 Version-
   Cisco ≫ Ncs 5002 Version-
   Cisco ≫ Ncs 5011 Version-

Cisco ≫ Ios Xr Version >= 6.3.0 < 6.3.2

   Cisco ≫ Ncs 5001 Version-
   Cisco ≫ Ncs 5002 Version-
   Cisco ≫ Ncs 5011 Version-

Cisco ≫ Ios Xr Version >= 6.5.0 < 7.2.2

   Cisco ≫ Ncs 5001 Version-
   Cisco ≫ Ncs 5002 Version-
   Cisco ≫ Ncs 5011 Version-

Cisco ≫ Ios Xr Version < 6.2.3

Cisco ≫ Ncs 4009 Version-
Cisco ≫ Ncs 4016 Version-

Cisco ≫ Ios Xr Version >= 6.3.0 < 6.3.2

Cisco ≫ Ncs 4009 Version-
Cisco ≫ Ncs 4016 Version-

Cisco ≫ Ios Xr Version >= 6.5.0 < 7.2.2

Cisco ≫ Ncs 4009 Version-
Cisco ≫ Ncs 4016 Version-

Cisco ≫ Ios Xr Version < 6.2.3

   Cisco ≫ Ncs 5501 Version-
   Cisco ≫ Ncs 5501-se Version-
   Cisco ≫ Ncs 5502 Version-
   Cisco ≫ Ncs 5502-se Version-
   Cisco ≫ Ncs 5508 Version-
   Cisco ≫ Ncs 5516 Version-

Cisco ≫ Ios Xr Version >= 6.3.0 < 6.3.2

   Cisco ≫ Ncs 5501 Version-
   Cisco ≫ Ncs 5501-se Version-
   Cisco ≫ Ncs 5502 Version-
   Cisco ≫ Ncs 5502-se Version-
   Cisco ≫ Ncs 5508 Version-
   Cisco ≫ Ncs 5516 Version-

Cisco ≫ Ios Xr Version >= 6.5.0 < 7.2.2

   Cisco ≫ Ncs 5501 Version-
   Cisco ≫ Ncs 5501-se Version-
   Cisco ≫ Ncs 5502 Version-
   Cisco ≫ Ncs 5502-se Version-
   Cisco ≫ Ncs 5508 Version-
   Cisco ≫ Ncs 5516 Version-

Cisco ≫ Ios Xr Version < 6.2.3

Cisco ≫ Ncs 6000 Version-
Cisco ≫ Ncs 6008 Version-

Cisco ≫ Ios Xr Version >= 6.3.0 < 6.3.2

Cisco ≫ Ncs 6000 Version-
Cisco ≫ Ncs 6008 Version-

Cisco ≫ Ios Xr Version >= 6.5.0 < 7.2.2

Cisco ≫ Ncs 6000 Version-
Cisco ≫ Ncs 6008 Version-

Cisco ≫ Ios Xr Version < 6.2.3

   Cisco ≫ Ncs 1001 Version-
   Cisco ≫ Ncs 1002 Version-
   Cisco ≫ Ncs 1004 Version-

Cisco ≫ Ios Xr Version >= 6.3.0 < 6.3.2

   Cisco ≫ Ncs 1001 Version-
   Cisco ≫ Ncs 1002 Version-
   Cisco ≫ Ncs 1004 Version-

Cisco ≫ Ios Xr Version >= 6.5.0 < 7.2.2

   Cisco ≫ Ncs 1001 Version-
   Cisco ≫ Ncs 1002 Version-
   Cisco ≫ Ncs 1004 Version-

Cisco ≫ Ios Xr Version < 6.2.3

   Cisco ≫ 8101-32fh Version-
   Cisco ≫ 8101-32h Version-
   Cisco ≫ 8102-64h Version-
   Cisco ≫ 8201 Version-
   Cisco ≫ 8201-32fh Version-
   Cisco ≫ 8202 Version-
   Cisco ≫ 8804 Version-
   Cisco ≫ 8808 Version-
   Cisco ≫ 8812 Version-
   Cisco ≫ 8818 Version-

Cisco ≫ Ios Xr Version >= 6.3.0 < 6.3.2

Cisco ≫ Ios Xr Version >= 6.5.0 < 7.2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.02%	0.766

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
psirt@cisco.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-771 Missing Reference to Active Allocated Resource

The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-34720

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34720

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34720

EUVD