CVE-2021-34720

Published: Sep 9, 2021Modified: Nov 21, 2024

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.

Affected (3)

Products: Cisco: Ios Xr

Cisco

1 product

Ios Xr

Configuration A

12 platform

Running on/with	Platform Versions
Cisco Asr 9000v V2	All versions
Cisco Asr 9001	All versions
Cisco Asr 9006	All versions
Cisco Asr 9010	All versions
Cisco Asr 9901	All versions
Cisco Asr 9902	All versions
Cisco Asr 9903	All versions
Cisco Asr 9904	All versions
Cisco Asr 9906	All versions
Cisco Asr 9910	All versions
Cisco Asr 9912	All versions
Cisco Asr 9922	All versions

Configuration B

2 platform

Running on/with	Platform Versions
Cisco Ios Xrv	All versions
Cisco Ios Xrv 9000	All versions

Configuration C

5 platform

Running on/with	Platform Versions
Cisco Ncs 520	All versions
Cisco Ncs 540	All versions
Cisco Ncs 540 Fronthaul	All versions
Cisco Ncs 560 4	All versions
Cisco Ncs 560 7	All versions

Configuration D

3 platform

Running on/with	Platform Versions
Cisco Ncs 5001	All versions
Cisco Ncs 5002	All versions
Cisco Ncs 5011	All versions

Configuration E

2 platform

Running on/with	Platform Versions
Cisco Ncs 4009	All versions
Cisco Ncs 4016	All versions

Configuration F

6 platform

Running on/with	Platform Versions
Cisco Ncs 5501	All versions
Cisco Ncs 5501 Se	All versions
Cisco Ncs 5502	All versions
Cisco Ncs 5502 Se	All versions
Cisco Ncs 5508	All versions
Cisco Ncs 5516	All versions

Configuration G

2 platform

Running on/with	Platform Versions
Cisco Ncs 6000	All versions
Cisco Ncs 6008	All versions

Configuration H

3 platform

Running on/with	Platform Versions
Cisco Ncs 1001	All versions
Cisco Ncs 1002	All versions
Cisco Ncs 1004	All versions

Configuration I

3 vulnerable · 10 platform

Vulnerable Software	Affected Versions
Cisco Ios Xr	Before 6.2.3
Cisco Ios Xr	From 6.3.0 to 6.3.2
Cisco Ios Xr	From 6.5.0 to 7.2.2

Running on/with	Platform Versions
Cisco 8101 32fh	All versions
Cisco 8101 32h	All versions
Cisco 8102 64h	All versions
Cisco 8201	All versions
Cisco 8201 32fh	All versions
Cisco 8202	All versions
Cisco 8804	All versions
Cisco 8808	All versions
Cisco 8812	All versions
Cisco 8818	All versions

Related CWEs

CWE-771

Missing Reference to Active Allocated Resource

The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.