CVE-2021-1268: Insufficient Adherence to Expected Conventions in Cisco IOS XR

Severity
NVD: 6.5 MEDIUM
CNA: 7.4
EPSS: 0.1% (top 75.22%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Feb 4
Latest update: May 24

Description

A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same netwo

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: cisco/ios_xr 7.1.0 7.1.3 +3

🔴 Vulnerability Details (2)

GHSA: GHSA-374q-g769-jjp8: A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker (2022-05-24)
CVEList: Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability (2021-02-04)

📋 Vendor Advisories (1)

Cisco: Cisco IOS XR Software IPv6 Flood Denial of Service Vulnerability (2021-02-03)