CVE-2021-34734 — Vulnetix

CVE-2021-34734 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for the Cisco Video Surveillance 7000 Series IP Cameras firmware could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

EPSS 0.32% · 55.1th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.32%

55.1th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Video Surveillance 7000 Series IP Cameras	n/a
cisco	video_surveillance_7000_ip_camera_firmware	2.12.4

Exploit Intelligence

20210818 Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Double-Free Denial of Service Vulnerability (circl)

Timeline

Aug 18, 2021 CVE Published
Aug 19, 2021 EPSS Score
Oct 16, 2021 EPSS Score
Dec 14, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 10, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 10, 2022 EPSS Score
Jun 7, 2022 EPSS Score
Aug 5, 2022 EPSS Score
Oct 3, 2022 EPSS Score
Nov 30, 2022 EPSS Score

References

Open in Interactive Console →