A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process.
Metrics
No CVSS v4.0
Attack Vector Adjacent Network
Attack Complexity Low
Privileges Required None
Scope Changed
Confidentiality Impact None
Integrity Impact None
Availability Impact High
User Interaction None
No CVSS v3.0
Access Vector Adjacent Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
AV:A/AC:M/Au:N/C:N/I:N/A:C
This CVE is not in the KEV list.
Exploitation none
Automatable no
Technical Impact partial
Affected Vendors & Products
Vendors | Products |
---|---|
Cisco |
|
Configuration 1 [-]
AND |
|
Configuration 2 [-]
AND |
|
Configuration 3 [-]
AND |
|
Configuration 4 [-]
AND |
|
Configuration 5 [-]
AND |
|
Configuration 6 [-]
AND |
|
No data.
References
History
Thu, 07 Nov 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2021-09-23T02:25:58.322621Z
Updated: 2024-11-07T21:59:09.403Z
Reserved: 2021-06-15T00:00:00
Link: CVE-2021-34714
Vulnrichment
Updated: 2024-08-04T00:19:48.217Z
NVD
Status : Modified
Published: 2021-09-23T03:15:18.153
Modified: 2024-11-21T06:11:01.790
Link: CVE-2021-34714
Redhat
No data.