CVE-2021-1367Improper Input Validation in Cisco Nx-os Software

CWE-20Improper Input ValidationCWE-416Use After FreeCWE-402Resource LeakCWE-125Out-of-bounds Read8 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 55.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-os SoftwareCisco Nx-os
Timeline
PublishedFeb 24
Latest updateMay 21

Description

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an affected device. A successful exploit could allow the attacker to cause a traffic loop, resulting in a DoS condition.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/nx-os9.3\(5\)

🔴Vulnerability Details

2
GHSA
GHSA-vvw2-6xj7-ff35: A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause2022-05-24
CVEList
Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability2021-02-24

📋Vendor Advisories

3
Red Hat
kernel: f2fs: fix to avoid racing on fsync_entry_slab by multi filesystem instances2024-05-21
Red Hat
kernel: can: mcba_usb: fix memory leak in mcba_usb2024-05-21
Cisco
Cisco NX-OS Software Protocol Independent Multicast Denial of Service Vulnerability2021-02-24

🕵️Threat Intelligence

1
Talos
Vulnerability Spotlight: Buffer overflow vulnerabilities in Accusoft ImageGear could lead to code execution2022-02-23
CVE-2021-1367 — Improper Input Validation in Cisco | cvebase