CVE-2021-1367

Published: Feb 24, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an affected device. A successful exploit could allow the attacker to cause a traffic loop, resulting in a DoS condition.

Affected (1)

Products: Cisco: Nx Os

Cisco

1 product

Nx Os

Configuration A

1 vulnerable · 42 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	Version 9.3(5)

Running on/with	Platform Versions
Cisco Nexus 9000v Switch	All versions
Cisco Nexus 92160yc X Switch	All versions
Cisco Nexus 92300yc Switch	All versions
Cisco Nexus 92304qc Switch	All versions
Cisco Nexus 92348gc X Switch	All versions
Cisco Nexus 9236c Switch	All versions
Cisco Nexus 9272q Switch	All versions
Cisco Nexus 93108tc Ex 24 Switch	All versions
Cisco Nexus 93108tc Ex Switch	All versions
Cisco Nexus 93108tc Fx 24	All versions
Cisco Nexus 93108tc Fx Switch	All versions
Cisco Nexus 93120tx	All versions
Cisco Nexus 93128tx	All versions
Cisco Nexus 9316d Gx	All versions
Cisco Nexus 93180lc Ex	All versions
Cisco Nexus 93180yc Ex	All versions
Cisco Nexus 93180yc Ex 24	All versions
Cisco Nexus 93180yc Fx	All versions
Cisco Nexus 93180yc Fx 24	All versions
Cisco Nexus 93180yc Fx3	All versions
Cisco Nexus 93180yc Fx3s	All versions
Cisco Nexus 93216tc Fx2	All versions
Cisco Nexus 93240yc Fx2	All versions
Cisco Nexus 9332c	All versions
Cisco Nexus 9332pq	All versions
Cisco Nexus 93360yc Fx2	All versions
Cisco Nexus 9336c Fx2	All versions
Cisco Nexus 9336c Fx2 E	All versions
Cisco Nexus 9336pq	All versions
Cisco Nexus 9348gc Fxp	All versions
Cisco Nexus 93600cd Gx	All versions
Cisco Nexus 9364c	All versions
Cisco Nexus 9364c Gx	All versions
Cisco Nexus 9372px	All versions
Cisco Nexus 9372px E	All versions
Cisco Nexus 9372tx	All versions
Cisco Nexus 9372tx E	All versions
Cisco Nexus 9396px	All versions
Cisco Nexus 9396tx	All versions
Cisco Nexus 9504	All versions
Cisco Nexus 9508	All versions
Cisco Nexus 9516	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-pim-dos-Y8SjMz4

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-pim-dos-Y8SjMz4

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.