Home

CVE-2021-34714

Description

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process.

Risk Information

Base Score
7.4
MODERATE
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.185

Associated Vulnerability

VulnerabilityOS Platform
Multiple Cisco Operating Systems Unidirectional Link Detection Denial of Service Vulnerability For Cisco Firepower Extensible Operating System (FXOS)NCM
Multiple Cisco Operating Systems Unidirectional Link Detection Denial of Service Vulnerability For Cisco IOSNCM
Multiple Cisco Operating Systems Unidirectional Link Detection Denial of Service Vulnerability For Cisco IOS XE SoftwareNCM
Multiple Cisco Operating Systems Unidirectional Link Detection Denial of Service Vulnerability For Cisco NX-OS SoftwareNCM
Improper Input Validation Vulnerability (CVE-2021-34714)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706063Security Update for Cisco Firepower Extensible Operating System (FXOS) 4.1(3a)UCSM
PATCH-1706090Security Update for Cisco IOS Amsterdam-17.2.1r
PATCH-1706107Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a)
PATCH-1706149Security Update for Cisco NX-OS Software 4.1(3a)UCSM

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234