#VU51721 Buffer overflow in Cisco Systems, Inc products - CVE-2021-1439
Published: March 25, 2021
Vulnerability identifier: #VU51721
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1439
CWE-ID: CWE-119
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco Aironet 1800 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco 4800 Aironet Access Points
Cisco Catalyst 9100
Cisco Catalyst IW 6300
Integrated AP on 1100 Integrated Services Routers
Cisco ESW6300 Series Access Points
Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco Aironet 1800 Series Access Points
Cisco Aironet 2800 Series Access Points
Cisco Aironet 3800 Series Access Points
Cisco 4800 Aironet Access Points
Cisco Catalyst 9100
Cisco Catalyst IW 6300
Integrated AP on 1100 Integrated Services Routers
Cisco ESW6300 Series Access Points
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the multicast DNS (mDNS) gateway feature. A remote attacker on the local network can send a specially crafted mDNS packet, trigger memory corruption and cause a denial of service condition on the target system.
Remediation
Install updates from vendor's website.