CVE-2021-1621

Cisco IOS XE Software Interface Queue Wedge Denial of Service Vulnerability

CVSS 7.4 HIGHEPSS 0.3%CWE-399

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.4EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

23 Sep 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of certain Layer 2 frames. An attacker could exploit this vulnerability by sending specific Layer 2 frames on the segment the router is connected to. A successful exploit could allow the attacker to cause a queue wedge on the interface, resulting in a DoS condition.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected products

Cisco · Cisco IOS XE Software

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-quewedge-69BsHUBW