CVE-2021-34713

A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line cards are attached. A successful exploit could allow the attacker to cause the affected line card to reboot.

CVSS v3 7.4 HIGH
CVSS v2.0 6.1 MEDIUM

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npspin-QYpwdhFD	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npspin-QYpwdhFD	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:ios_xr::::::::
	cpe:2.3:o:cisco:ios_xr::::::::
	cpe:2.3:o:cisco:ios_xr::::::::
	cpe:2.3:o:cisco:ios_xr::::::::

OR	cpe:2.3:h:cisco:asr_9000:-:::::::*
	cpe:2.3:h:cisco:asr_9000v-v2:-:::::::*
	cpe:2.3:h:cisco:asr_9001:-:::::::*
	cpe:2.3:h:cisco:asr_9006:-:::::::*
	cpe:2.3:h:cisco:asr_9010:-:::::::*
	cpe:2.3:h:cisco:asr_9901:-:::::::*
	cpe:2.3:h:cisco:asr_9902:-:::::::*
	cpe:2.3:h:cisco:asr_9903:-:::::::*
	cpe:2.3:h:cisco:asr_9904:-:::::::*
	cpe:2.3:h:cisco:asr_9906:-:::::::*
	cpe:2.3:h:cisco:asr_9910:-:::::::*
	cpe:2.3:h:cisco:asr_9912:-:::::::*
	cpe:2.3:h:cisco:asr_9922:-:::::::*

History

21 Nov 2024, 06:11

Type	Values Removed	Values Added
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npspin-QYpwdhFD - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npspin-QYpwdhFD - Vendor Advisory

Information

Published : 2021-09-09 05:15

Updated : 2024-11-21 06:11

NVD link : CVE-2021-34713

Mitre link : CVE-2021-34713

CVE.ORG link : CVE-2021-34713

JSON object : View

Products Affected

cisco

asr_9901
asr_9912
ios_xr
asr_9000
asr_9010
asr_9904
asr_9906
asr_9001
asr_9006
asr_9903
asr_9000v-v2
asr_9910
asr_9922
asr_9902

CWE

CWE-399

Resource Management Errors

NVD-CWE-Other

7.4 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.1 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2021-34713

7.4^/10

6.1^/10

Attach tags to `CVE-2021-34713`