CVE-2021-1231

CWE-284Improper Access ControlCWE-3467 documents6 sources
Severity
4.7MEDIUM
EPSS
0.1%
top 69.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Nx-os System Software IN ACI ModeCisco Nx-os
Timeline
PublishedFeb 24
Latest updateMar 7

Description

A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to incomplete validation of the source of a received LLDP packet. An attacker could exploit this vulnerability by sending a crafted LLDP packet on an SFP interface to an affected device. A successful exploi

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/nx-os164 versions+163

🔴Vulnerability Details

2
GHSA
GHSA-hpqm-fqwv-8ffg: A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode cou2022-05-24
CVEList
Cisco Nexus 9000 Series Fabric Switches ACI Mode Link Layer Discovery Protocol Port Denial of Service Vulnerability2021-02-24

📋Vendor Advisories

2
Chrome
Stable Channel Update for Desktop: CVE-2023-12312023-03-07
Cisco
Cisco Nexus 9000 Series Fabric Switches ACI Mode Link Layer Discovery Protocol Port Denial of Service Vulnerability2021-02-24

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Trend Micro Home Network Security Station2021-05-24
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Trend Micro Home Network Security Station2021-05-24
CVE-2021-1231 (MEDIUM CVSS 4.7) | A vulnerability in the Link Layer D | cvebase.io