← Back

CVE-2021-1431

nvd nist
Published: Mar 24, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Affected (32)

Products: Cisco: Ios Xe
Cisco
1 product
Ios Xe
Configuration A
32 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Ios Xe
Version 16.11.1
Ios Xe
Version 16.11.1a
Ios Xe
Version 16.11.1b
Ios Xe
Version 16.11.1c
Ios Xe
Version 16.11.1s
Ios Xe
Version 16.11.2
Ios Xe
Version 16.12.1
Ios Xe
Version 16.12.1a
Ios Xe
Version 16.12.1c
Ios Xe
Version 16.12.1s
Ios Xe
Version 16.12.1t
Ios Xe
Version 16.12.1w
Ios Xe
Version 16.12.1x
Ios Xe
Version 16.12.1y
Ios Xe
Version 16.12.1z
Ios Xe
Version 16.12.2
Ios Xe
Version 16.12.2a
Ios Xe
Version 16.12.2s
Ios Xe
Version 16.12.2t
Ios Xe
Version 16.12.3
Ios Xe
Version 16.12.3a
Ios Xe
Version 16.12.3s
Ios Xe
Version 16.12.4
Ios Xe
Version 16.12.4a
Ios Xe
Version 17.2.1
Ios Xe
Version 17.2.1a
Ios Xe
Version 17.2.1r
Ios Xe
Version 17.2.1v
Ios Xe
Version 17.2.2
Ios Xe
Version 17.2.3
Ios Xe
Version 3.15.1xbs
Ios Xe
Version 3.15.2xbs

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.