VDB
CVE-2021-34713
CVE-2021-34713
PUBLISHED
CVSS 7.400000095367432 HIGH
A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line cards are attached. A successful exploit could allow the attacker to cause the affected line card to reboot.
EPSS 0.10% · 27.4th percentile
Risk Scores
CVSS 3.1
7.400000095367432
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.10%
27.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | ios_xr | 6.7, 7.0, 7.1 |
| Cisco | Cisco IOS XR Software | n/a |
Exploit Intelligence
Timeline
- Sep 9, 2021 CVE Published
- Sep 9, 2021 EPSS Score
- Nov 6, 2021 EPSS Score
- Jan 2, 2022 EPSS Score
- Jan 6, 2022 EPSS Score
- Mar 1, 2022 EPSS Score
- Apr 28, 2022 EPSS Score
- Jun 24, 2022 EPSS Score
- Aug 22, 2022 EPSS Score
- Oct 19, 2022 EPSS Score
- Dec 16, 2022 EPSS Score
- Feb 11, 2023 EPSS Score
References
- 20210908 Cisco IOS XR Software for ASR 9000 Series Routers Denial of Service Vulnerability vendor-advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-34713 advisory