CVE-2021-1389

Published: Feb 4, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent through an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 packets that traverse the affected device. A successful exploit could allow the attacker to access resources that would typically be protected by the interface ACL.

Affected (4)

Products: Cisco: Ios Xr, Nx Os

Cisco

2 products

Ios Xr

Nx Os

Configuration A

3 vulnerable · 8 platform

Vulnerable Software	Affected Versions
Cisco Ios Xr	Before 6.6.3
Cisco Ios Xr	Version 7.1.0
Cisco Ios Xr	Version 7.2.0

Running on/with	Platform Versions
Cisco Ncs 540	All versions
Cisco Ncs 5501	All versions
Cisco Ncs 5501 Se	All versions
Cisco Ncs 5502	All versions
Cisco Ncs 5502 Se	All versions
Cisco Ncs 5508	All versions
Cisco Ncs 5516	All versions
Cisco Ncs 560	All versions

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	All versions

Running on/with	Platform Versions
Cisco Nexus 3600	All versions
Cisco Nexus 9500 R	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-acl-CHgdYk8j

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-acl-CHgdYk8j

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.