HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2021-1587

CVSS 8.6v3.1pub. 2021-08-25upd. 2024-11-21

A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific packets with a Transparent Interconnection of Lots of Links (TRILL) OAM EtherType. An attacker could exploit this vulnerability by sending crafted packets, including the TRILL OAM EtherType of 0x8902, to a device that is part of a VXLAN Ethernet VPN (EVPN) fabric. A successful exploit could allow the attacker to cause an affected device to experience high CPU usage and consume excessive system resources, which may result in overall control plane instability and cause the affected device to reload. Note: The NGOAM feature is disabled by default.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • Cisco Nexus 3000

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3048

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 31108pc V

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 31108tc V

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 31128pq

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3132c Z

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3132q V

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3132q X\/3132q Xl

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3164q

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3172pq\/pq Xl

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3172tq Xl

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3232c

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3264c E

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3264q

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3408 S

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 34180yc

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3432d S

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3464c

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3524 X\/xl

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3548 X\/xl

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 36180yc R

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3636c R

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 9000v

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 92160yc X

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 92300yc

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 92304qc

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 92348gc X

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 9236c

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 9272q

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 93108tc Ex

    HW
    Cisco
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoSVPN
CWE
References

Related vulnerabilities

CVE-2021-1361CRITICAL9.8ten sam produkt

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switc...

CVE-2019-1804CRITICAL9.8ten sam produkt

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (...

CVE-2018-0310CRITICAL9.8ten sam produkt

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could a...

CVE-2018-0301CRITICAL9.8ten sam produkt

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker ...

CVE-2018-0312CRITICAL9.8ten sam produkt

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could a...