CVE-2021-34767Always-Incorrect Control Flow Implementation in Cisco IOS XE Software

CWE-670Always-Incorrect Control Flow Implementation4 documents4 sources
Severity
7.4HIGHNVD
EPSS
0.1%
top 72.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedSep 23
Latest updateMay 24

Description

A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that VLAN. The vulnerability is due to a logic error when processing specific link-local IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that would flow inbound t

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

NVDcisco/ios_xe92 versions+91

🔴Vulnerability Details

2
GHSA
GHSA-xwvm-8x4q-gmr9: A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allo2022-05-24
CVEList
Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers IPv6 Denial of Service Vulnerability2021-09-23

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers IPv6 Denial of Service Vulnerability2021-09-22
CVE-2021-34767 — Cisco IOS XE Software vulnerability | cvebase