← Back

CVE-2021-34767

nvd nist
Published: Sep 23, 2021Modified: Oct 30, 2025

JSON object

Loading...
7.4
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 4.0
Source: NVD

Description

A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that VLAN. The vulnerability is due to a logic error when processing specific link-local IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that would flow inbound through the wired interface of an affected device. A successful exploit could allow the attacker to cause traffic drops in the affected VLAN, thus triggering the DoS condition.

Affected (93)

Products: Cisco: Ios Xe
Cisco
1 product
Ios Xe
Configuration A
93 vulnerable · 8 platform
Vulnerable SoftwareAffected Versions
Cisco
Ios Xe
All versions
Ios Xe
Version 16.10.1
Ios Xe
Version 16.10.1a
Ios Xe
Version 16.10.1b
Ios Xe
Version 16.10.1c
Ios Xe
Version 16.10.1d
Ios Xe
Version 16.10.1e
Ios Xe
Version 16.10.1f
Ios Xe
Version 16.10.1g
Ios Xe
Version 16.10.1s
Ios Xe
Version 16.10.2
Ios Xe
Version 16.10.3
Ios Xe
Version 16.11.1
Ios Xe
Version 16.11.1a
Ios Xe
Version 16.11.1b
Ios Xe
Version 16.11.1c
Ios Xe
Version 16.11.1s
Ios Xe
Version 16.11.2
Ios Xe
Version 16.12.1
Ios Xe
Version 16.12.1a
Ios Xe
Version 16.12.1c
Ios Xe
Version 16.12.1s
Ios Xe
Version 16.12.1t
Ios Xe
Version 16.12.1w
Ios Xe
Version 16.12.1x
Ios Xe
Version 16.12.1y
Ios Xe
Version 16.12.1z1
Ios Xe
Version 16.12.1z
Ios Xe
Version 16.12.1za
Ios Xe
Version 16.12.2
Ios Xe
Version 16.12.2a
Ios Xe
Version 16.12.2s
Ios Xe
Version 16.12.2t
Ios Xe
Version 16.12.3
Ios Xe
Version 16.12.3a
Ios Xe
Version 16.12.3s
Ios Xe
Version 16.12.4
Ios Xe
Version 16.12.4a
Ios Xe
Version 16.7.1
Ios Xe
Version 16.7.1a
Ios Xe
Version 16.7.1b
Ios Xe
Version 16.7.2
Ios Xe
Version 16.7.3
Ios Xe
Version 16.7.4
Ios Xe
Version 16.8.1
Ios Xe
Version 16.8.1a
Ios Xe
Version 16.8.1b
Ios Xe
Version 16.8.1c
Ios Xe
Version 16.8.1d
Ios Xe
Version 16.8.1e
Ios Xe
Version 16.8.1s
Ios Xe
Version 16.8.2
Ios Xe
Version 16.8.3
Ios Xe
Version 16.9.1
Ios Xe
Version 16.9.1a
Ios Xe
Version 16.9.1b
Ios Xe
Version 16.9.1c
Ios Xe
Version 16.9.1d
Ios Xe
Version 16.9.1s
Ios Xe
Version 16.9.2
Ios Xe
Version 16.9.2a
Ios Xe
Version 16.9.2s
Ios Xe
Version 16.9.3
Ios Xe
Version 16.9.3a
Ios Xe
Version 16.9.3h
Ios Xe
Version 16.9.3s
Ios Xe
Version 16.9.4
Ios Xe
Version 16.9.4c
Ios Xe
Version 16.9.5
Ios Xe
Version 16.9.5f
Ios Xe
Version 16.9.6
Ios Xe
Version 16.9.7
Ios Xe
Version 17.1.1
Ios Xe
Version 17.1.1a
Ios Xe
Version 17.1.1s
Ios Xe
Version 17.1.1t
Ios Xe
Version 17.1.2
Ios Xe
Version 17.1.3
Ios Xe
Version 17.2.1
Ios Xe
Version 17.2.1a
Ios Xe
Version 17.2.1r
Ios Xe
Version 17.2.1v
Ios Xe
Version 17.2.2
Ios Xe
Version 17.2.3
Ios Xe
Version 17.3.1
Ios Xe
Version 17.3.1a
Ios Xe
Version 17.3.1w
Ios Xe
Version 17.3.1x
Ios Xe
Version 17.3.1z
Ios Xe
Version 17.3.2
Ios Xe
Version 17.3.2a
Ios Xe
Version 3.15.1xbs
Ios Xe
Version 3.15.2xbs
Running on/withPlatform Versions
Cisco
Catalyst 9800
All versions
Cisco
Catalyst 9800 40
All versions
Cisco
Catalyst 9800 80
All versions
Cisco
Catalyst 9800 Cl
All versions
Cisco
Catalyst 9800 L
All versions
Cisco
Catalyst 9800 L C
All versions
Cisco
Catalyst 9800 L F
All versions
Cisco
Catalyst 9800 Embedded Wireless Controller
All versions

Related CWEs

CWE-670
Always-Incorrect Control Flow Implementation
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.