#VU56431 NULL pointer dereference in Cisco Systems, Inc products - CVE-2021-34737
Published: September 9, 2021
Vulnerability identifier: #VU56431
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-34737
CWE-ID: CWE-476
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XR
Cisco IOS XRv 9000 Router
Cisco ASR 9000 Series Aggregation Services Routers
NCS5000
NCS540
NCS560
NCS5500
Cisco IOS XR
Cisco IOS XRv 9000 Router
Cisco ASR 9000 Series Aggregation Services Routers
NCS5000
NCS540
NCS560
NCS5500
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software. A remote non-authenticated attacker can send specially crafted DHCPv4 messages to the affected device, trigger a NULL pointer dereference error and crash the dhcpd process.
Remediation
Install update from vendor's website.