#VU51250 Allocation of Resources Without Limits or Throttling in Cisco Systems, Inc Server applications


Published: 2021-03-08

Vulnerability identifier: #VU51250

Vulnerability risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1285

CWE-ID: CWE-770

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Cisco UTD Snort IPS Engine Software for IOS XE
Other software / Other software solutions
Cisco UTD Engine for IOS XE SD-WAN
Other software / Other software solutions
Cisco 1000 Series Integrated Services Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc
4000 Series Integrated Services Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc
Catalyst 8000V Edge Software
Hardware solutions / Routers & switches, VoIP, GSM, etc
Catalyst 8200 Series Edge Platforms
Hardware solutions / Routers & switches, VoIP, GSM, etc
Catalyst 8300 Series Edge Platforms
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cloud Services Router 1000V Series
Hardware solutions / Routers & switches, VoIP, GSM, etc
Integrated Services Virtual Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc
Snort
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of error conditions when processing Ethernet frames. A remote attacker on the local network can send malicious Ethernet frames and cause a denial of service condition on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco UTD Snort IPS Engine Software for IOS XE: 16.12 - 17.4

Cisco UTD Engine for IOS XE SD-WAN: 16.12 - 17.4

Cisco 1000 Series Integrated Services Routers: All versions

4000 Series Integrated Services Routers: All versions

Catalyst 8000V Edge Software: All versions

Catalyst 8200 Series Edge Platforms: All versions

Catalyst 8300 Series Edge Platforms: All versions

Cloud Services Router 1000V Series: All versions

Integrated Services Virtual Routers: All versions

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Denial of service in Multiple Cisco Products