CVE-2021-1356Improper Input Validation in Cisco IOS XE Software

CWE-20Improper Input ValidationCWE-755Improper Handling of Exceptional Conditions4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 70.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedMar 24
Latest updateMay 24

Description

Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to ca

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/ios_xe13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-7rw7-xm59-wmr8: Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the w2022-05-24
CVEList
Cisco IOS XE Software Web UI Denial of Service Vulnerabilities2021-03-24

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Web UI Denial of Service Vulnerabilities2021-03-24
CVE-2021-1356 — Improper Input Validation in Cisco | cvebase