CVE-2021-1394Cisco IOS XE Software vulnerability

CWE-3994 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 65.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedMar 24
Latest updateMay 24

Description

A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device. This vulnerability is due to incorrect processing of certain IPv4 TCP traffic that is destined to an affected device. An attacker could exploit this vulnerability by sending a large number of crafted TCP packets to the affect

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDcisco/ios_xe10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-x482-c63f-45hq: A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthen2022-05-24
CVEList
Cisco IOS XE Software for Network Convergence System 520 Routers Denial of Service Vulnerability2021-03-24

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software for Network Convergence System 520 Routers Denial of Service Vulnerability2021-03-24
CVE-2021-1394 — Cisco IOS XE Software vulnerability | cvebase