VDB

CVE-2021-34697

CVE-2021-34697 PUBLISHED CVSS 5.800000190734863 MEDIUM

A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) attacks to or through the affected device. This vulnerability is due to incorrect programming of the half-opened connections limit, TCP SYN flood limit, or TCP SYN cookie features when the features are configured in vulnerable releases of Cisco IOS XE Software. An attacker could exploit this vulnerability by attempting to flood traffic to or through the affected device. A successful exploit could allow the attacker to initiate a DoS attack to or through an affected device.

EPSS 0.47% · 64.9th percentile

Risk Scores

CVSS 3.1
5.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
EPSS Score
0.47%
64.9th percentile

Affected Products

VendorProductVersions
CiscoCisco IOS XE Software*
ciscoios_xe17.3.1

Exploit Intelligence

Timeline

  • Sep 23, 2021 EPSS Score
  • Sep 23, 2021 CVE Published
  • Nov 19, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Jan 15, 2022 EPSS Score
  • Mar 14, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 10, 2022 EPSS Score
  • Jul 6, 2022 EPSS Score
  • Sep 2, 2022 EPSS Score
  • Oct 29, 2022 EPSS Score
  • Dec 26, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›