CVE-2021-1352

Description

A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Related CPE's

o cisco ios_xe 16.4.1 *******

o cisco ios_xe 16.4.2 *******

o cisco ios_xe 16.4.3 *******

o cisco ios_xe 16.5.1 *******

o cisco ios_xe 16.5.1a *******

o cisco ios_xe 16.5.1b *******

o cisco ios_xe 16.5.2 *******

o cisco ios_xe 16.5.3 *******

o cisco ios_xe 16.6.1 *******

o cisco ios_xe 16.6.2 *******

References

20210324 Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability

Vendor Advisory

CvssV3 impact

BaseSeverity	MEDIUM
ConfidentialityImpact	NONE
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	ADJACENT_NETWORK
AvailabilityImpact	HIGH
IntegrityImpact	NONE
PrivilegesRequired	NONE
BaseScore	6.5
VectorString	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	MEDIUM
ConfidentialityImpact	NONE
AvailabilityImpact	PARTIAL
IntegrityImpact	NONE
BaseScore	2.9
VectorString	AV:A/AC:M/Au:N/C:N/I:N/A:P
Version	2.0
AccessVector	ADJACENT_NETWORK
Authentication	NONE