CVE-2021-34697

Description

A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) attacks to or through the affected device. This vulnerability is due to incorrect programming of the half-opened connections limit, TCP SYN flood limit, or TCP SYN cookie features when the features are configured in vulnerable releases of Cisco IOS XE Software. An attacker could exploit this vulnerability by attempting to flood traffic to or through the affected device. A successful exploit could allow the attacker to initiate a DoS attack to or through an affected device.

Risk Information

Base Score

8.6

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Score

Exploitation Probability

0.468

Associated Vulnerability

Vulnerability	OS Platform
Cisco IOS XE Software Protection Against Distributed Denial of Service Attacks Feature Vulnerability For Cisco IOS XE SD-WAN Software	NCM
Cisco IOS XE Software Protection Against Distributed Denial of Service Attacks Feature Vulnerability For Cisco IOS XE Software	NCM
Improper Initialization Vulnerability (CVE-2021-34697)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706092	Security Update for Cisco IOS XE SD-WAN Software sdwan-20.6(999.751)
PATCH-1706107	Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234