CVE-2021-1377: Cisco IOS vulnerability

CWE-399 | 4 documents | 4 sources

Severity: 5.8 MEDIUM (NVD)
EPSS: 0.5% (top 32.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 24 | Latest update May 24

Description

A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit this vulnerability by continuously sending traffic that results in incomplete ARP entries. A successful exploit could allow the attacker to cause AR

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (3 packages)

NVD | cisco/ios | 134 versions
NVD | cisco/ios_xe | 168 versions
CVEListV5 | cisco/cisco_ios | n/a

🔴 Vulnerability Details (2)

GHSA | 2022-05-24 | GHSA-cw7w-jj3r-j3jw: A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote
CVEList | 2021-03-24 | Cisco IOS and IOS XE Software ARP Resource Management Exhaustion Denial of Service Vulnerability

📋 Vendor Advisories (1)

Cisco | 2021-03-24 | Cisco IOS and IOS XE Software ARP Resource Management Exhaustion Denial of Service Vulnerability