SB2021032615 - Denial of service in Cisco IOS XE Software for Network Convergence System 520 Routers

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021032615

SB2021032615 - Denial of service in Cisco IOS XE Software for Network Convergence System 520 Routers

Published: March 26, 2021

Security Bulletin ID SB2021032615
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Partial DoS

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Resource management error (CVE-ID: CVE-2021-1394)

CWE-ID: CWE-399 - Resource Management Errors

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers when pressing IPv4 TCP traffic. A remote attacker can send a large number of crafted TCP packets to the affected device and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References