Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-1229 |
CWE-ID | CWE-401 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Cisco MDS 9000 Series Multilayer Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 1000V Switch for Microsoft Hyper-V Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 1000V Switch for VMware vSphere Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Nexus 3000 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 5500 Platform Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 6000 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 7000 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Nexus 9000 Series Switches in ACI Mode Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Nexus 9000 Series Switches NX-OS Mode Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 1000 Virtual Edge for VMware vSphere Server applications / Other server solutions |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU50942
Risk: Medium
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1229
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to improper error handling when an IPv6-configured interface receives a specific type of ICMPv6 packet. A remote attacker can force the application to leak memory and cause a denial of service condition on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsCisco MDS 9000 Series Multilayer Switches: 8.4.3.53
Nexus 1000 Virtual Edge for VMware vSphere: 5.2.1 SV5.1.3a
Nexus 1000V Switch for Microsoft Hyper-V: 5.2.1 SV5.1.3a
Nexus 1000V Switch for VMware vSphere: 5.2.1 SV5.1.3a
Cisco Nexus 3000 Series Switches: before 7.0.3 I7.9
Nexus 5500 Platform Switches: before 7.3.8 N1.1
Nexus 6000 Series Switches: before 7.3.8 N1.1
Nexus 7000 Series Switches: before 8.2.5
Cisco Nexus 9000 Series Switches in ACI Mode: before 7.0.3 I7.9
Cisco Nexus 9000 Series Switches NX-OS Mode: before 15.1.3e
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-nxos-icmpv6-dos-YD55jVCq
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv24541
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv96592
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv96593
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.