CVE-2021-1590

Published: Aug 25, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the implementation of the system login block-for command when an attack is detected and acted upon. An attacker could exploit this vulnerability by performing a brute-force login attack on an affected device. A successful exploit could allow the attacker to cause a login process to reload, which could result in a delay during authentication to the affected device.

Affected (4)

Products: Cisco: Nx Os, Unified Computing System

Cisco

2 products

Nx Os

Unified Computing System

Configuration A

2 vulnerable · 96 platform

Vulnerable Software	Affected Versions
Cisco Nx Os	Version 7.0(3)i4(0.116)
Cisco Nx Os	Version 7.3(7)n1(1b)

Running on/with	Platform Versions
Cisco Nexus 3000	All versions
Cisco Nexus 3048	All versions
Cisco Nexus 31108pc V	All versions
Cisco Nexus 31108tc V	All versions
Cisco Nexus 31128pq	All versions
Cisco Nexus 3132c Z	All versions
Cisco Nexus 3132q V	All versions
Cisco Nexus 3132q X/3132q Xl	All versions
Cisco Nexus 3164q	All versions
Cisco Nexus 3172pq/pq Xl	All versions
Cisco Nexus 3172tq Xl	All versions
Cisco Nexus 3232c	All versions
Cisco Nexus 3264c E	All versions
Cisco Nexus 3264q	All versions
Cisco Nexus 3408 S	All versions
Cisco Nexus 34180yc	All versions
Cisco Nexus 3432d S	All versions
Cisco Nexus 3464c	All versions
Cisco Nexus 3524 X/xl	All versions
Cisco Nexus 3548 X/xl	All versions
Cisco Nexus 36180yc R	All versions
Cisco Nexus 3636c R	All versions
Cisco Nexus 5548p	All versions
Cisco Nexus 5548up	All versions
Cisco Nexus 5596t	All versions
Cisco Nexus 5596up	All versions
Cisco Nexus 56128p	All versions
Cisco Nexus 5624q	All versions
Cisco Nexus 5648q	All versions
Cisco Nexus 5672up	All versions
Cisco Nexus 5672up 16g	All versions
Cisco Nexus 5696q	All versions
Cisco Nexus 6001	All versions
Cisco Nexus 6004	All versions
Cisco Nexus 7000 10 Slot	All versions
Cisco Nexus 7000 18 Slot	All versions
Cisco Nexus 7000 4 Slot	All versions
Cisco Nexus 7000 9 Slot	All versions
Cisco Nexus 7000 Supervisor 1	All versions
Cisco Nexus 7000 Supervisor 2	All versions
Cisco Nexus 7000 Supervisor 2e	All versions
Cisco Nexus 7004	All versions
Cisco Nexus 7009	All versions
Cisco Nexus 7010	All versions
Cisco Nexus 7018	All versions
Cisco Nexus 7700	All versions
Cisco Nexus 7700 10 Slot	All versions
Cisco Nexus 7700 18 Slot	All versions
Cisco Nexus 7700 2 Slot	All versions
Cisco Nexus 7700 6 Slot	All versions
Cisco Nexus 7700 Supervisor 2e	All versions
Cisco Nexus 7700 Supervisor 3e	All versions
Cisco Nexus 7702	All versions
Cisco Nexus 7706	All versions
Cisco Nexus 7710	All versions
Cisco Nexus 7718	All versions
Cisco Nexus 9000v	All versions
Cisco Nexus 92160yc X	All versions
Cisco Nexus 92300yc	All versions
Cisco Nexus 92304qc	All versions
Cisco Nexus 92348gc X	All versions
Cisco Nexus 9236c	All versions
Cisco Nexus 9272q	All versions
Cisco Nexus 93108tc Ex	All versions
Cisco Nexus 93108tc Ex 24	All versions
Cisco Nexus 93108tc Fx	All versions
Cisco Nexus 93108tc Fx 24	All versions
Cisco Nexus 93108tc Fx3p	All versions
Cisco Nexus 93120tx	All versions
Cisco Nexus 93128tx	All versions
Cisco Nexus 9316d Gx	All versions
Cisco Nexus 93180lc Ex	All versions
Cisco Nexus 93180yc Ex	All versions
Cisco Nexus 93180yc Ex 24	All versions
Cisco Nexus 93180yc Fx	All versions
Cisco Nexus 93180yc Fx 24	All versions
Cisco Nexus 93180yc Fx3	All versions
Cisco Nexus 93180yc Fx3s	All versions
Cisco Nexus 93216tc Fx2	All versions
Cisco Nexus 93240yc Fx2	All versions
Cisco Nexus 9332c	All versions
Cisco Nexus 9332pq	All versions
Cisco Nexus 93360yc Fx2	All versions
Cisco Nexus 9336c Fx2	All versions
Cisco Nexus 9336c Fx2 E	All versions
Cisco Nexus 9348gc Fxp	All versions
Cisco Nexus 93600cd Gx	All versions
Cisco Nexus 9364c	All versions
Cisco Nexus 9364c Gx	All versions
Cisco Nexus 9372px	All versions
Cisco Nexus 9372px E	All versions
Cisco Nexus 9372tx	All versions
Cisco Nexus 9372tx E	All versions
Cisco Nexus 9396px	All versions
Cisco Nexus 9396tx	All versions
Cisco Nexus 9508	All versions

Configuration B

2 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Cisco Unified Computing System	Before 4.0\(4m\)
Cisco Unified Computing System	From 4.1 to 4.1\(3d\)

Running on/with	Platform Versions
Cisco Unified Computing System 6248up	All versions
Cisco Unified Computing System 6296up	All versions
Cisco Unified Computing System 6324	All versions
Cisco Unified Computing System 6332	All versions
Cisco Unified Computing System 6332 16up	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu

Source: psirt@cisco.com

PatchVendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.