CVE-2021-1352

A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Published: Mar 24, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-1352
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 2.9
AV:A/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
cisco / ios_xe	16.6.1	16.6.1.x
cisco / ios_xe	16.4.1	16.4.1.x
cisco / ios_xe	16.5.1	16.5.1.x
cisco / ios_xe	16.5.1a	16.5.1a.x
cisco / ios_xe	16.5.1b	16.5.1b.x
cisco / ios_xe	16.4.2	16.4.2.x
cisco / ios_xe	16.6.3	16.6.3.x
cisco / ios_xe	16.8.1	16.8.1.x
cisco / ios_xe	16.7.1	16.7.1.x
cisco / ios_xe	16.6.2	16.6.2.x
cisco / ios_xe	16.9.1	16.9.1.x
cisco / ios_xe	16.5.2	16.5.2.x
cisco / ios_xe	16.8.1a	16.8.1a.x
cisco / ios_xe	16.8.1s	16.8.1s.x
cisco / ios_xe	16.8.1b	16.8.1b.x
cisco / ios_xe	16.8.2	16.8.2.x
cisco / ios_xe	16.7.2	16.7.2.x
cisco / ios_xe	16.7.3	16.7.3.x
cisco / ios_xe	16.8.1c	16.8.1c.x
cisco / ios_xe	16.4.3	16.4.3.x
cisco / ios_xe	16.9.1s	16.9.1s.x
cisco / ios_xe	16.9.1c	16.9.1c.x
cisco / ios_xe	16.9.1b	16.9.1b.x
cisco / ios_xe	16.5.3	16.5.3.x
cisco / ios_xe	16.9.1d	16.9.1d.x
cisco / ios_xe	16.6.4s	16.6.4s.x
cisco / ios_xe	16.6.4	16.6.4.x
cisco / ios_xe	16.10.1	16.10.1.x
cisco / ios_xe	16.9.1a	16.9.1a.x
cisco / ios_xe	16.9.2a	16.9.2a.x
cisco / ios_xe	16.9.2	16.9.2.x
cisco / ios_xe	16.6.4a	16.6.4a.x
cisco / ios_xe	16.12.1	16.12.1.x
cisco / ios_xe	16.6.5	16.6.5.x
cisco / ios_xe	16.11.1	16.11.1.x
cisco / ios_xe	17.1.1	17.1.1.x
cisco / ios_xe	16.11.1a	16.11.1a.x
cisco / ios_xe	16.12.1c	16.12.1c.x
cisco / ios_xe	16.12.1t	16.12.1t.x
cisco / ios_xe	16.11.2	16.11.2.x
cisco / ios_xe	16.12.1s	16.12.1s.x
cisco / ios_xe	16.12.1a	16.12.1a.x
cisco / ios_xe	16.11.1c	16.11.1c.x
cisco / ios_xe	16.11.1b	16.11.1b.x
cisco / ios_xe	16.11.1s	16.11.1s.x
cisco / ios_xe	16.10.1s	16.10.1s.x
cisco / ios_xe	16.9.2s	16.9.2s.x
cisco / ios_xe	16.6.6	16.6.6.x
cisco / ios_xe	16.9.3h	16.9.3h.x
cisco / ios_xe	16.6.5b	16.6.5b.x
cisco / ios_xe	16.6.5a	16.6.5a.x
cisco / ios_xe	16.9.3a	16.9.3a.x
cisco / ios_xe	16.10.1a	16.10.1a.x
cisco / ios_xe	16.10.2	16.10.2.x
cisco / ios_xe	16.9.3	16.9.3.x
cisco / ios_xe	16.10.1e	16.10.1e.x
cisco / ios_xe	16.10.1b	16.10.1b.x
cisco / ios_xe	16.8.3	16.8.3.x
cisco / ios_xe	16.9.3s	16.9.3s.x
cisco / ios_xe	16.9.4	16.9.4.x
cisco / ios_xe	16.12.2	16.12.2.x
cisco / ios_xe	16.6.7a	16.6.7a.x
cisco / ios_xe	16.9.4c	16.9.4c.x
cisco / ios_xe	16.12.2a	16.12.2a.x
cisco / ios_xe	16.6.7	16.6.7.x
cisco / ios_xe	16.10.3	16.10.3.x
cisco / ios_xe	16.12.4	16.12.4.x
cisco / ios_xe	16.9.5	16.9.5.x
cisco / ios_xe	16.9.5f	16.9.5f.x
cisco / ios_xe	16.6.8	16.6.8.x
cisco / ios_xe	16.12.3	16.12.3.x
cisco / ios_xe	17.2.1	17.2.1.x
cisco / ios_xe	17.1.1s	17.1.1s.x
cisco / ios_xe	16.12.2t	16.12.2t.x
cisco / ios_xe	17.1.1a	17.1.1a.x
cisco / ios_xe	16.12.2s	16.12.2s.x
cisco / ios_xe	16.12.3a	16.12.3a.x
cisco / ios_xe	17.1.1t	17.1.1t.x
cisco / ios_xe	17.2.1a	17.2.1a.x
cisco / ios_xe	17.2.1v	17.2.1v.x
cisco / ios_xe	16.12.3s	16.12.3s.x
cisco / ios_xe	17.2.1r	17.2.1r.x
cisco / ios_xe	17.1.2	17.1.2.x
cisco / ios_xe	16.12.4a	16.12.4a.x
cisco / ios_xe	17.2.2	17.2.2.x
cisco / ios_xe	17.3.1	17.3.1.x
cisco / ios_xe	17.3.1a	17.3.1a.x
cisco / ios_xe	17.2.3	17.2.3.x
cisco / ios_xe	16.9.6	16.9.6.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL

Vulnerability Database

289,697

CVE-2021-1352