Buffer overflow in Cisco Systems, Inc products - CVE-2021-1439

 

Buffer overflow in Cisco Systems, Inc products - CVE-2021-1439

Published: March 25, 2021


Vulnerability identifier: #VU51721
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1439
CWE-ID: CWE-119
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco Aironet 1800 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco 4800 Aironet Access Points
Cisco Catalyst 9100
Cisco Catalyst IW 6300
Integrated AP on 1100 Integrated Services Routers
Cisco ESW6300 Series Access Points

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the multicast DNS (mDNS) gateway feature. A remote attacker on the local network can send a specially crafted mDNS packet, trigger memory corruption and cause a denial of service condition on the target system.


How to mitigate CVE-2021-1439

Install updates from vendor's website.

Sources