Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2021-1352
Vulnerability from cvelistv5
Published
2021-03-24 20:16
Modified
2024-11-08 23:31
Severity ?
EPSS score ?
Summary
A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XE Software |
Version: n/a |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:11:16.876Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20210324 Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-1352", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-08T20:47:25.984625Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-08T23:31:27.592Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco IOS XE Software", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2021-03-24T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-823", description: "CWE-823", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-24T20:16:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20210324 Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL", }, ], source: { advisory: "cisco-sa-iosxe-decnet-dos-cuPWDkyL", defect: [ [ "CSCvv51476", ], ], discovery: "INTERNAL", }, title: "Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-03-24T16:00:00", ID: "CVE-2021-1352", STATE: "PUBLIC", TITLE: "Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco IOS XE Software", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.4", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-823", }, ], }, ], }, references: { reference_data: [ { name: "20210324 Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL", }, ], }, source: { advisory: "cisco-sa-iosxe-decnet-dos-cuPWDkyL", defect: [ [ "CSCvv51476", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2021-1352", datePublished: "2021-03-24T20:16:01.809530Z", dateReserved: "2020-11-13T00:00:00", dateUpdated: "2024-11-08T23:31:27.592Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2021-1352\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2021-03-24T21:15:11.507\",\"lastModified\":\"2024-11-21T05:44:09.593\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el procesamiento del protocolo DECnet Phase IV y DECnet/OSI del Software Cisco IOS XE, podría permitir a un atacante adyacente no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. La vulnerabilidad es debido a una comprobación de la entrada insuficiente del tráfico DECnet que recibe un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad mediante el envío de tráfico DECnet a un dispositivo afectado. Una explotación con éxito podría permitir al atacante causar que el dispositivo afectado se recargue, dando como resultado una condición de DoS\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":2.9,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":5.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-823\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77E8AF15-AB46-4EAB-8872-8C55E8601599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"957318BE-55D4-4585-AA52-C813301D01C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F11B703-8A0F-47ED-AA70-951FF78B94A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE7B2557-821D-4E05-B5C3-67192573D97D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EE6EC32-51E4-43A3-BFB9-A0D842D08E87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"187F699A-AF2F-42B0-B855-27413140C384\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E0B905E-4D92-4FD6-B2FF-41FF1F59A948\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62EDEC28-661E-42EF-88F0-F62D0220D2E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F821EBD7-91E2-4460-BFAF-18482CF6CB8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E36D2D24-8F63-46DE-AC5F-8DE33332EBC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9B825E6-5929-4890-BDBA-4CF4BD2314C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65020120-491D-46CD-8C73-974B6F4C11E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ADDCD0A-6168-45A0-A885-76CC70FE2FC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.6.4s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F35C623-6043-43A6-BBAA-478E185480CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D83E34F4-F4DD-49CC-9C95-93F9D4D26B42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2833EAE-94C8-4279-A244-DDB6E2D15DC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.6.5b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B688E46-5BAD-4DEC-8B13-B184B141B169\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C8F50DB-3A80-4D89-9F7B-86766D37338B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBFC70A2-87BC-4898-BCF3-57F7B1DD5F10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.6.7a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F13F583-F645-4DF0-A075-B4F19D71D128\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB8DA556-ABF3-48D0-95B8-E57DBE1B5A09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"623BF701-ADC9-4F24-93C5-043A6A7FEF5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FBD681F-7969-42BE-A47E-7C287755DCB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98255E6F-3056-487D-9157-403836EFB9D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57D4F634-03D5-4D9F-901C-7E9CE45F2F38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4463A1D1-E169-4F0B-91B2-FA126BB444CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D97F69C3-CAA6-491C-A0B6-6DC12B5AB472\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDD58C58-1B0C-4A71-8C02-F555CEF9C253\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C9C585C-A6EC-4385-B915-046C110BF95F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC2EE60-4A07-4D92-B9BC-BF07CF4F2BE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47DBE4ED-1CD8-4134-9B33-17A91F44F17B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"119A964D-ABC8-424D-8097-85B832A833BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0375BF9E-D04B-4E5B-9051-536806ECA44E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2266E5A2-B3F6-4389-B8E2-42CB845EC7F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"012A6CF7-9104-4882-9C95-E6D4458AB778\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.1d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AF5214D-9257-498F-A3EB-C4EC18E2FEB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78DE7780-4E8B-4BB6-BDEB-58032EC65851\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F29CEE37-4044-4A3C-9685-C9C021FD346A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DC5BB06-100F-42C9-8CEB-CC47FD26DDF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.2s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5292764A-7D1C-4E04-86EF-809CB68EDD25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1FDA817-3A50-4B9E-8F4E-F613BDB3E9EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E16D266-108F-4F8A-998D-F1CA25F2EAAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.3h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F84AE35F-D016-4B8F-8FE2-C2ACB200DFED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.3s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41D55481-C80E-4400-9C3D-9F6B1F7F13CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4BF9829-F80E-4837-A420-39B291C4E17B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.4c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D07F9539-CFBE-46F7-9F5E-93A68169797D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5AB80E7-0714-44ED-9671-12C877B36A1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.5f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10182B94-6831-461E-B0FC-9476EAB6EBEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"961F8312-31B9-44E7-8858-EF8E2134F447\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB6BD18B-B9BD-452F-986E-16A6668E46B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D136D2BC-FFB5-4912-A3B1-BD96148CB9A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A22256FE-431C-4AD9-9E7F-7EAC2D81B1B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADED0D82-2A4D-4235-BFAC-5EE2D862B652\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"763664F5-E6CD-4936-B2F8-C5E2D5EA7BB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A443E93-6C4B-4F86-BA7C-7C2A929E795A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ECEDD9D-6517-44BA-A95F-D1D5488C0E41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E91F8704-6DAD-474A-84EA-04E4AF7BB9B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"314C7763-A64D-4023-9F3F-9A821AE4151F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5820D71D-FC93-45AA-BC58-A26A1A39C936\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC1C85DD-69CC-4AA8-B219-651D57FC3506\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B53E377A-0296-4D7A-B97C-576B0026543D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C98DED36-D4B5-48D6-964E-EEEE97936700\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD98C9E8-3EA6-4160-970D-37C389576516\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9027A528-2588-4C06-810B-5BB313FE4323\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7745ED34-D59D-49CC-B174-96BCA03B3374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5019B59-508E-40B0-9C92-2C26F58E2FBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"443D78BA-A3DA-4D1F-A4DF-2F426DC6B841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1986DB1F-AD0A-42FE-8EC8-F18BA1AD4F99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.2t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C6FB4DC-814D-49D2-BBE2-3861AE985A1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5750264-2990-4942-85F4-DB9746C5CA2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02352FD8-2A7B-41BD-9E4A-F312ABFDF3EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9173AD6-6658-4267-AAA7-D50D0B657528\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F02EE9D-45B1-43D6-B05D-6FF19472216B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C1DBBCD-4C5A-43BB-8FB0-6F1AF99ED0D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E306B09C-CB48-4067-B60C-5F738555EEAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD446C51-E713-4E46-8328-0A0477D140D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FF0DD16-D76A-45EA-B01A-20C71AEFA3B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BDD0CEC-4A19-438D-B2A1-8664A1D8F3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89369318-2E83-489F-B872-5F2E247BBF8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B7EE7C7-D6C1-4C35-8C80-EAF3FC7E7EFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B51FA707-8DB1-4596-9122-D4BFEF17F400\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C04DF35A-1B6F-420A-8D84-74EB41BF3700\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"211CC9B2-6108-4C50-AB31-DC527C43053E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75CCB5F1-27F5-4FF9-8389-0A9ABCF7F070\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08DCCBA3-82D2-4444-B5D3-E5FC58D024F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"128F95D7-E49F-4B36-8F47-823C0298449E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E21B3881-37E9-4C00-9336-12C9C28D1B61\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL\", \"name\": \"20210324 Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T16:11:16.876Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-1352\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-08T20:47:25.984625Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-08T21:00:13.599Z\"}}], \"cna\": {\"title\": \"Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability\", \"source\": {\"defect\": [[\"CSCvv51476\"]], \"advisory\": \"cisco-sa-iosxe-decnet-dos-cuPWDkyL\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IOS XE Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2021-03-24T00:00:00\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL\", \"name\": \"20210324 Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-823\", \"description\": \"CWE-823\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2021-03-24T20:16:01\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"7.4\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\"}}, \"source\": {\"defect\": [[\"CSCvv51476\"]], \"advisory\": \"cisco-sa-iosxe-decnet-dos-cuPWDkyL\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco IOS XE Software\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL\", \"name\": \"20210324 Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-823\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-1352\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2021-03-24T16:00:00\"}}}}", cveMetadata: "{\"cveId\": \"CVE-2021-1352\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-08T23:31:27.592Z\", \"dateReserved\": \"2020-11-13T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2021-03-24T20:16:01.809530Z\", \"assignerShortName\": \"cisco\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
ICSA-21-110-02
Vulnerability from csaf_cisa
Published
2021-04-20 00:00
Modified
2021-04-20 00:00
Summary
ICSA-21-110-02_Rockwell Automation Stratix Switches
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary
Cisco reported these vulnerabilities to Rockwell Automation.
Exploitability
No known public exploits specifically target these vulnerabilities.
{ document: { acknowledgments: [ { organization: "Cisco", summary: "reporting these vulnerabilities to Rockwell Automation", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "summary", text: "Cisco reported these vulnerabilities to Rockwell Automation.", title: "Summary", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "CISAservicedesk@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "ICS Advisory ICSA-21-110-02 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-110-02.json", }, { category: "self", summary: "ICS Advisory ICSA-21-110-02 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-110-02", }, ], title: "ICSA-21-110-02_Rockwell Automation Stratix Switches", tracking: { current_release_date: "2021-04-20T00:00:00.000000Z", generator: { engine: { name: "CISA USCert CSAF Generator", version: "1", }, }, id: "ICSA-21-110-02", initial_release_date: "2021-04-20T00:00:00.000000Z", revision_history: [ { date: "2021-04-20T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-21-110-02 Rockwell Automation Stratix Switches", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 5400: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "Stratix 5400", }, { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 5700: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0002", }, }, ], category: "product_name", name: "Stratix 5700", }, { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 5410: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0003", }, }, ], category: "product_name", name: "Stratix 5410", }, { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 8000: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0004", }, }, ], category: "product_name", name: "Stratix 8000", }, { branches: [ { category: "product_version_range", name: "<= 16.12.01", product: { name: "Stratix 5800: Versions 16.12.01 and earlier", product_id: "CSAFPID-0005", }, }, ], category: "product_name", name: "Stratix 5800", }, ], category: "vendor", name: "Rockwell Automation", }, ], }, vulnerabilities: [ { cve: "CVE-2021-1392", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, notes: [ { category: "summary", text: "A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE software could allow an authenticated attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the affected device as an administrative user.CVE-2021-1392 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1392", }, { cve: "CVE-2021-1403", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "summary", text: "A vulnerability in the web UI feature of Cisco IOS XE software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial-of-service condition on an affected device.CVE-2021-1403 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1403", }, { cve: "CVE-2021-1352", cwe: { id: "CWE-823", name: "Use of Out-of-range Pointer Offset", }, notes: [ { category: "summary", text: "A vulnerability in the DECnet protocol processing of Cisco IOS XE software could allow an unauthenticated, adjacent attacker to cause a denial-of-service condition on an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial-of-service condition. This vulnerability affects Stratix 5800 devices if they are running a vulnerable release of Cisco IOS XE software and have the DECnet protocol enabled. DECnet is not enabled by default. CVE-2021-1352 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1403", }, { cve: "CVE-2021-1442", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, notes: [ { category: "summary", text: "A vulnerability in the Stratix 5800 switches could allow an unauthenticated, physical attacker to execute persistent code at boot time and break the chain of trust. CVE-2021-1452 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1403", }, { cve: "CVE-2021-1452", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "summary", text: "A vulnerability in a diagnostic command for the Plug and Play (PnP) subsystem of Cisco IOS XE software could allow an authenticated, local attacker to elevate privileges to the level of an administrator on an affected Stratix 5800. Plug-and-Play is disabled after Express Setup has completed.CVE-2021-1442 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1452", }, { cve: "CVE-2021-1443", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "A vulnerability in the Stratix 5800 switches could allow an unauthenticated, physical attacker to execute persistent code at boot time and break the chain of trust.CVE-2021-1452 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1443", }, { cve: "CVE-2021-1220", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A vulnerability in the web UI of the IOS XE software could allow a remote, authenticated attacker to execute arbitrary code with root privileges on the underlying operating system of the affected device. To exploit this vulnerability, an attacker would need to have admin credentials to the device.CVE-2021-1443 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1220", }, ], }
icsa-21-110-02
Vulnerability from csaf_cisa
Published
2021-04-20 00:00
Modified
2021-04-20 00:00
Summary
ICSA-21-110-02_Rockwell Automation Stratix Switches
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary
Cisco reported these vulnerabilities to Rockwell Automation.
Exploitability
No known public exploits specifically target these vulnerabilities.
{ document: { acknowledgments: [ { organization: "Cisco", summary: "reporting these vulnerabilities to Rockwell Automation", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "summary", text: "Cisco reported these vulnerabilities to Rockwell Automation.", title: "Summary", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "CISAservicedesk@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "ICS Advisory ICSA-21-110-02 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-110-02.json", }, { category: "self", summary: "ICS Advisory ICSA-21-110-02 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-110-02", }, ], title: "ICSA-21-110-02_Rockwell Automation Stratix Switches", tracking: { current_release_date: "2021-04-20T00:00:00.000000Z", generator: { engine: { name: "CISA USCert CSAF Generator", version: "1", }, }, id: "ICSA-21-110-02", initial_release_date: "2021-04-20T00:00:00.000000Z", revision_history: [ { date: "2021-04-20T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-21-110-02 Rockwell Automation Stratix Switches", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 5400: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "Stratix 5400", }, { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 5700: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0002", }, }, ], category: "product_name", name: "Stratix 5700", }, { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 5410: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0003", }, }, ], category: "product_name", name: "Stratix 5410", }, { branches: [ { category: "product_version_range", name: "<= 15.2(7)E3", product: { name: "Stratix 8000: Versions 15.2(7)E3 and earlier", product_id: "CSAFPID-0004", }, }, ], category: "product_name", name: "Stratix 8000", }, { branches: [ { category: "product_version_range", name: "<= 16.12.01", product: { name: "Stratix 5800: Versions 16.12.01 and earlier", product_id: "CSAFPID-0005", }, }, ], category: "product_name", name: "Stratix 5800", }, ], category: "vendor", name: "Rockwell Automation", }, ], }, vulnerabilities: [ { cve: "CVE-2021-1392", cwe: { id: "CWE-522", name: "Insufficiently Protected Credentials", }, notes: [ { category: "summary", text: "A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE software could allow an authenticated attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the affected device as an administrative user.CVE-2021-1392 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1392", }, { cve: "CVE-2021-1403", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "summary", text: "A vulnerability in the web UI feature of Cisco IOS XE software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial-of-service condition on an affected device.CVE-2021-1403 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1403", }, { cve: "CVE-2021-1352", cwe: { id: "CWE-823", name: "Use of Out-of-range Pointer Offset", }, notes: [ { category: "summary", text: "A vulnerability in the DECnet protocol processing of Cisco IOS XE software could allow an unauthenticated, adjacent attacker to cause a denial-of-service condition on an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial-of-service condition. This vulnerability affects Stratix 5800 devices if they are running a vulnerable release of Cisco IOS XE software and have the DECnet protocol enabled. DECnet is not enabled by default. CVE-2021-1352 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1403", }, { cve: "CVE-2021-1442", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, notes: [ { category: "summary", text: "A vulnerability in the Stratix 5800 switches could allow an unauthenticated, physical attacker to execute persistent code at boot time and break the chain of trust. CVE-2021-1452 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1403", }, { cve: "CVE-2021-1452", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "summary", text: "A vulnerability in a diagnostic command for the Plug and Play (PnP) subsystem of Cisco IOS XE software could allow an authenticated, local attacker to elevate privileges to the level of an administrator on an affected Stratix 5800. Plug-and-Play is disabled after Express Setup has completed.CVE-2021-1442 has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1452", }, { cve: "CVE-2021-1443", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "summary", text: "A vulnerability in the Stratix 5800 switches could allow an unauthenticated, physical attacker to execute persistent code at boot time and break the chain of trust.CVE-2021-1452 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1443", }, { cve: "CVE-2021-1220", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A vulnerability in the web UI of the IOS XE software could allow a remote, authenticated attacker to execute arbitrary code with root privileges on the underlying operating system of the affected device. To exploit this vulnerability, an attacker would need to have admin credentials to the device.CVE-2021-1443 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, references: [ { summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", }, ], remediations: [ { category: "mitigation", details: "Rockwell Automation encourages users of the affected Stratix devices to update to an available firmware revision that addresses the associated risk.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "vendor_fix", details: "Stratix 5800: Apply Version 17.04.01 or later. If possible, disable DECnet protocol completely or on select interfaces.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Stratix 8300: Migrate to contemporary solution.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "All versions, including Stratix 8000, Stratix 5700, Stratix 5410, Stratix 5400: Confirm the least-privilege user principle is followed, and user account access to is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Please see the Rockwell Automation security advisory for more detailed information.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1130763", }, { category: "mitigation", details: "Where a fix is not yet available, users who are unable to update are directed towards the risk mitigation strategies provided below, and are encouraged, when possible, to apply general security guidelines to employ multiple strategies simultaneously.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Currently, Rockwell Automation is working to address these vulnerabilities and will continue to provide updates as these fixes become available.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use proper network infrastructure controls, such as firewalls, to help confirm traffic from unauthorized sources is blocked.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Consult the product documentation for specific features, such as a hardware mode switch setting, to which may be used to block unauthorized changes, etc.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Confirm the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Use trusted firmware, antivirus/antimalware programs and interact only with trusted websites and attachments.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "Minimize network exposure for all control system devices and/or systems and confirm they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article PN715", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], url: "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/0494865", }, { category: "mitigation", details: "Locate control system networks and devices behind firewalls and isolate them from the business network.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, { category: "mitigation", details: "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize a VPN is only as secure as the connected devices.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N", version: "3.0", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", ], }, ], title: "CVE-2021-1220", }, ], }
cisco-sa-iosxe-decnet-dos-cuPWDkyL
Vulnerability from csaf_cisco
Published
2021-03-24 16:00
Modified
2021-03-24 16:00
Summary
Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability
Notes
Summary
A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is part of the March 2021 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2021 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74408"].
Vulnerable Products
This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XE Software and have either the DECnet Phase IV or DECnet/OSI protocol enabled. DECnet is not enabled by default.
For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.
Determine the Device Configuration
To determine if DECnet is enabled, use the show decnet interface command. The following example shows output for a device that is configured for DECnet on the GigabitEthernet0/0/0 interface:
router# show decnet interface
.
.
.
GigabitEthernet0/0/0 is up, line protocol is up, encapsulation is ARPA
Interface cost is 1, priority is 64, DECnet network: 0
We are the designated router
Sending HELLOs every 15 seconds, routing updates 40 seconds
.
.
.
A device is not affected by this vulnerability if DECnet is not enabled, as indicated by the following example of output for the show decnet interface command:
router#show decnet interface
% DECnet is not enabled
Furthermore, a device is not affected by this vulnerability if DECnet protocol processing is not enabled for all interfaces, as indicated by the following example of output for the show decnet interface command:
router#show decnet interface
.
.
.
GigabitEthernet0/0/0 is up, line protocol is up, encapsulation is ARPA
DECnet protocol processing not enabled
.
.
.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following Cisco products:
IOS Software
IOS XR Software
NX-OS Software
Workarounds
There are no workarounds that address this vulnerability.
Fixed Software
Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"]
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"]
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Cisco IOS and IOS XE Software
To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] to identify any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (“Combined First Fixed”).
Customers can use the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] to search advisories in the following ways:
Choose the software and one or more releases
Upload a .txt file that includes a list of specific releases
Enter the output of the show version command
After initiating a search, customers can customize the search to include all Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication.
Customers can also use the following form to determine whether a release is affected by any Cisco Security Advisory by entering a Cisco IOS or IOS XE Software release—for example, 15.1(4)M2 or 3.13.8S:
By default, the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, customers can use the Cisco Software Checker on Cisco.com and check the Medium check box in the drop-down list under Impact Rating when customizing a search.
For a mapping of Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 Release Notes ["https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/2/release/notes/rnasr21/rnasr21_gen.html#wp3000032"], Cisco IOS XE 3S Release Notes ["https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes/asr1k_rn_3s_sys_req.html#wp3069754"], or Cisco IOS XE 3SG Release Notes ["https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_24726.html#pgfId-2570252"], depending on the Cisco IOS XE Software release.
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Source
This vulnerability was found during the resolution of a Cisco TAC support case.
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
{ document: { acknowledgments: [ { summary: "This vulnerability was found during the resolution of a Cisco TAC support case.", }, ], category: "csaf_security_advisory", csaf_version: "2.0", notes: [ { category: "summary", text: "A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\n\r\n\r\nThis advisory is part of the March 2021 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2021 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74408\"].", title: "Summary", }, { category: "general", text: "This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XE Software and have either the DECnet Phase IV or DECnet/OSI protocol enabled. DECnet is not enabled by default.\r\n\r\nFor information about which Cisco software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory.\r\n Determine the Device Configuration\r\nTo determine if DECnet is enabled, use the show decnet interface command. The following example shows output for a device that is configured for DECnet on the GigabitEthernet0/0/0 interface:\r\n\r\n\r\nrouter# show decnet interface\r\n.\r\n.\r\n.\r\nGigabitEthernet0/0/0 is up, line protocol is up, encapsulation is ARPA\r\n Interface cost is 1, priority is 64, DECnet network: 0\r\n We are the designated router\r\n Sending HELLOs every 15 seconds, routing updates 40 seconds\r\n.\r\n.\r\n.\r\n\r\nA device is not affected by this vulnerability if DECnet is not enabled, as indicated by the following example of output for the show decnet interface command:\r\n\r\n\r\nrouter#show decnet interface\r\n% DECnet is not enabled\r\n\r\nFurthermore, a device is not affected by this vulnerability if DECnet protocol processing is not enabled for all interfaces, as indicated by the following example of output for the show decnet interface command:\r\n\r\n\r\nrouter#show decnet interface\r\n.\r\n.\r\n.\r\nGigabitEthernet0/0/0 is up, line protocol is up, encapsulation is ARPA\r\nDECnet protocol processing not enabled\r\n.\r\n.\r\n.", title: "Vulnerable Products", }, { category: "general", text: "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products:\r\n\r\nIOS Software\r\nIOS XR Software\r\nNX-OS Software", title: "Products Confirmed Not Vulnerable", }, { category: "general", text: "There are no workarounds that address this vulnerability.", title: "Workarounds", }, { category: "general", text: "Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:\r\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n Customers Without Service Contracts\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n Cisco IOS and IOS XE Software\r\nTo help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] to identify any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (“Combined First Fixed”).\r\n\r\nCustomers can use the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] to search advisories in the following ways:\r\n\r\nChoose the software and one or more releases\r\nUpload a .txt file that includes a list of specific releases\r\nEnter the output of the show version command\r\n\r\nAfter initiating a search, customers can customize the search to include all Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication.\r\n\r\nCustomers can also use the following form to determine whether a release is affected by any Cisco Security Advisory by entering a Cisco IOS or IOS XE Software release—for example, 15.1(4)M2 or 3.13.8S:\r\n\r\n\r\n\r\nBy default, the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, customers can use the Cisco Software Checker on Cisco.com and check the Medium check box in the drop-down list under Impact Rating when customizing a search.\r\n\r\nFor a mapping of Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 Release Notes [\"https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/2/release/notes/rnasr21/rnasr21_gen.html#wp3000032\"], Cisco IOS XE 3S Release Notes [\"https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes/asr1k_rn_3s_sys_req.html#wp3069754\"], or Cisco IOS XE 3SG Release Notes [\"https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_24726.html#pgfId-2570252\"], depending on the Cisco IOS XE Software release.", title: "Fixed Software", }, { category: "general", text: "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.", title: "Vulnerability Policy", }, { category: "general", text: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", title: "Exploitation and Public Announcements", }, { category: "general", text: "This vulnerability was found during the resolution of a Cisco TAC support case.", title: "Source", }, { category: "legal_disclaimer", text: "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.", title: "Legal Disclaimer", }, ], publisher: { category: "vendor", contact_details: "psirt@cisco.com", issuing_authority: "Cisco PSIRT", name: "Cisco", namespace: "https://wwww.cisco.com", }, references: [ { category: "self", summary: "Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL", }, { category: "external", summary: "Cisco Event Response: March 2021 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication", url: "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74408", }, { category: "external", summary: "Cisco Security Vulnerability Policy", url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html", }, { category: "external", summary: "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html", url: "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html", }, { category: "external", summary: "considering software upgrades", url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes", }, { category: "external", summary: "Cisco Security Advisories page", url: "https://www.cisco.com/go/psirt", }, { category: "external", summary: "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html", url: "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html", }, { category: "external", summary: "Cisco Software Checker", url: "https://sec.cloudapps.cisco.com/security/center/softwarechecker.x", }, { category: "external", summary: "Cisco IOS XE 2 Release Notes", url: "https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/2/release/notes/rnasr21/rnasr21_gen.html#wp3000032", }, { category: "external", summary: "Cisco IOS XE 3S Release Notes", url: "https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes/asr1k_rn_3s_sys_req.html#wp3069754", }, { category: "external", summary: "Cisco IOS XE 3SG Release Notes", url: "https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_24726.html#pgfId-2570252", }, ], title: "Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability", tracking: { current_release_date: "2021-03-24T16:00:00+00:00", generator: { date: "2024-05-10T23:00:37+00:00", engine: { name: "TVCE", }, }, id: "cisco-sa-iosxe-decnet-dos-cuPWDkyL", initial_release_date: "2021-03-24T16:00:00+00:00", revision_history: [ { date: "2021-03-24T15:30:25+00:00", number: "1.0.0", summary: "Initial public release.", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { branches: [ { branches: [ { category: "service_pack", name: "16.4.1", product: { name: "16.4.1", product_id: "CSAFPID-214051", }, }, { category: "service_pack", name: "16.4.2", product: { name: "16.4.2", product_id: "CSAFPID-217257", }, }, { category: "service_pack", name: "16.4.3", product: { name: "16.4.3", product_id: "CSAFPID-231390", }, }, ], category: "product_version", name: "16.4", }, { branches: [ { category: "service_pack", name: "16.5.1", product: { name: "16.5.1", product_id: "CSAFPID-217259", }, }, { category: "service_pack", name: "16.5.1a", product: { name: "16.5.1a", product_id: "CSAFPID-225784", }, }, { category: "service_pack", name: "16.5.1b", product: { name: "16.5.1b", product_id: "CSAFPID-226330", }, }, { category: "service_pack", name: "16.5.2", product: { name: "16.5.2", product_id: "CSAFPID-229187", }, }, { category: "service_pack", name: "16.5.3", product: { name: "16.5.3", product_id: "CSAFPID-232461", }, }, ], category: "product_version", name: "16.5", }, { branches: [ { category: "service_pack", name: "16.6.1", product: { name: "16.6.1", product_id: "CSAFPID-218901", }, }, { category: "service_pack", name: "16.6.2", product: { name: "16.6.2", product_id: "CSAFPID-228706", }, }, { category: "service_pack", name: "16.6.3", product: { name: "16.6.3", product_id: "CSAFPID-231682", }, }, { category: "service_pack", name: "16.6.4", product: { name: "16.6.4", product_id: "CSAFPID-233155", }, }, { category: "service_pack", name: "16.6.5", product: { name: "16.6.5", product_id: "CSAFPID-241736", }, }, { category: "service_pack", name: "16.6.4s", product: { name: "16.6.4s", product_id: "CSAFPID-244900", }, }, { category: "service_pack", name: "16.6.4a", product: { name: "16.6.4a", product_id: "CSAFPID-247629", }, }, { category: "service_pack", name: "16.6.5a", product: { name: "16.6.5a", product_id: "CSAFPID-252235", }, }, { category: "service_pack", name: "16.6.6", product: { name: "16.6.6", product_id: "CSAFPID-252914", }, }, { category: "service_pack", name: "16.6.5b", product: { name: "16.6.5b", product_id: "CSAFPID-258170", }, }, { category: "service_pack", name: "16.6.7", product: { name: "16.6.7", product_id: "CSAFPID-261241", }, }, { category: "service_pack", name: "16.6.7a", product: { name: "16.6.7a", product_id: "CSAFPID-270097", }, }, { category: "service_pack", name: "16.6.8", product: { name: "16.6.8", product_id: "CSAFPID-277148", }, }, ], category: "product_version", name: "16.6", }, { branches: [ { category: "service_pack", name: "16.7.1", product: { name: "16.7.1", product_id: "CSAFPID-218903", }, }, { category: "service_pack", name: "16.7.2", product: { name: "16.7.2", product_id: "CSAFPID-236837", }, }, { category: "service_pack", name: "16.7.3", product: { name: "16.7.3", product_id: "CSAFPID-244070", }, }, ], category: "product_version", name: "16.7", }, { branches: [ { category: "service_pack", name: "16.8.1", product: { name: "16.8.1", product_id: "CSAFPID-218905", }, }, { category: "service_pack", name: "16.8.1a", product: { name: "16.8.1a", product_id: "CSAFPID-235307", }, }, { category: "service_pack", name: "16.8.1b", product: { name: "16.8.1b", product_id: "CSAFPID-235858", }, }, { category: "service_pack", name: "16.8.1s", product: { name: "16.8.1s", product_id: "CSAFPID-236834", }, }, { category: "service_pack", name: "16.8.1c", product: { name: "16.8.1c", product_id: "CSAFPID-237460", }, }, { category: "service_pack", name: "16.8.2", product: { name: "16.8.2", product_id: "CSAFPID-244071", }, }, { category: "service_pack", name: "16.8.3", product: { name: "16.8.3", product_id: "CSAFPID-257984", }, }, ], category: "product_version", name: "16.8", }, { branches: [ { category: "service_pack", name: "16.9.1", product: { name: "16.9.1", product_id: "CSAFPID-225856", }, }, { category: "service_pack", name: "16.9.2", product: { name: "16.9.2", product_id: "CSAFPID-232008", }, }, { category: "service_pack", name: "16.9.1a", product: { name: "16.9.1a", product_id: "CSAFPID-242308", }, }, { category: "service_pack", name: "16.9.1b", product: { name: "16.9.1b", product_id: "CSAFPID-243362", }, }, { category: "service_pack", name: "16.9.1s", product: { name: "16.9.1s", product_id: "CSAFPID-244530", }, }, { category: "service_pack", name: "16.9.1c", product: { name: "16.9.1c", product_id: "CSAFPID-245375", }, }, { category: "service_pack", name: "16.9.1d", product: { name: "16.9.1d", product_id: "CSAFPID-248242", }, }, { category: "service_pack", name: "16.9.3", product: { name: "16.9.3", product_id: "CSAFPID-251075", }, }, { category: "service_pack", name: "16.9.2a", product: { name: "16.9.2a", product_id: "CSAFPID-251166", }, }, { category: "service_pack", name: "16.9.2s", product: { name: "16.9.2s", product_id: "CSAFPID-252272", }, }, { category: "service_pack", name: "16.9.3h", product: { name: "16.9.3h", product_id: "CSAFPID-258229", }, }, { category: "service_pack", name: "16.9.4", product: { name: "16.9.4", product_id: "CSAFPID-262390", }, }, { category: "service_pack", name: "16.9.3s", product: { name: "16.9.3s", product_id: "CSAFPID-262549", }, }, { category: "service_pack", name: "16.9.3a", product: { name: "16.9.3a", product_id: "CSAFPID-263804", }, }, { category: "service_pack", name: "16.9.4c", product: { name: "16.9.4c", product_id: "CSAFPID-268921", }, }, { category: "service_pack", name: "16.9.5", product: { name: "16.9.5", product_id: "CSAFPID-271798", }, }, { category: "service_pack", name: "16.9.5f", product: { name: "16.9.5f", product_id: "CSAFPID-276837", }, }, { category: "service_pack", name: "16.9.6", product: { name: "16.9.6", product_id: "CSAFPID-277945", }, }, ], category: "product_version", name: "16.9", }, { branches: [ { category: "service_pack", name: "16.10.1", product: { name: "16.10.1", product_id: "CSAFPID-225858", }, }, { category: "service_pack", name: "16.10.1a", product: { name: "16.10.1a", product_id: "CSAFPID-250629", }, }, { category: "service_pack", name: "16.10.1b", product: { name: "16.10.1b", product_id: "CSAFPID-252045", }, }, { category: "service_pack", name: "16.10.1s", product: { name: "16.10.1s", product_id: "CSAFPID-252913", }, }, { category: "service_pack", name: "16.10.1e", product: { name: "16.10.1e", product_id: "CSAFPID-257955", }, }, { category: "service_pack", name: "16.10.2", product: { name: "16.10.2", product_id: "CSAFPID-260917", }, }, { category: "service_pack", name: "16.10.3", product: { name: "16.10.3", product_id: "CSAFPID-273112", }, }, ], category: "product_version", name: "16.10", }, { branches: [ { category: "service_pack", name: "16.11.1", product: { name: "16.11.1", product_id: "CSAFPID-227918", }, }, { category: "service_pack", name: "16.11.1a", product: { name: "16.11.1a", product_id: "CSAFPID-252271", }, }, { category: "service_pack", name: "16.11.1b", product: { name: "16.11.1b", product_id: "CSAFPID-260741", }, }, { category: "service_pack", name: "16.11.2", product: { name: "16.11.2", product_id: "CSAFPID-261240", }, }, { category: "service_pack", name: "16.11.1s", product: { name: "16.11.1s", product_id: "CSAFPID-261465", }, }, { category: "service_pack", name: "16.11.1c", product: { name: "16.11.1c", product_id: "CSAFPID-264096", }, }, ], category: "product_version", name: "16.11", }, { branches: [ { category: "service_pack", name: "16.12.1", product: { name: "16.12.1", product_id: "CSAFPID-227920", }, }, { category: "service_pack", name: "16.12.1s", product: { name: "16.12.1s", product_id: "CSAFPID-265735", }, }, { category: "service_pack", name: "16.12.1a", product: { name: "16.12.1a", product_id: "CSAFPID-265841", }, }, { category: "service_pack", name: "16.12.1c", product: { name: "16.12.1c", product_id: "CSAFPID-267110", }, }, { category: "service_pack", name: "16.12.2", product: { name: "16.12.2", product_id: "CSAFPID-267605", }, }, { category: "service_pack", name: "16.12.2a", product: { name: "16.12.2a", product_id: "CSAFPID-272047", }, }, { category: "service_pack", name: "16.12.3", product: { name: "16.12.3", product_id: "CSAFPID-273445", }, }, { category: "service_pack", name: "16.12.2s", product: { name: "16.12.2s", product_id: "CSAFPID-273509", }, }, { category: "service_pack", name: "16.12.1t", product: { name: "16.12.1t", product_id: "CSAFPID-274832", }, }, { category: "service_pack", name: "16.12.2t", product: { name: "16.12.2t", product_id: "CSAFPID-275538", }, }, { category: "service_pack", name: "16.12.4", product: { name: "16.12.4", product_id: "CSAFPID-277147", }, }, { category: "service_pack", name: "16.12.3s", product: { name: "16.12.3s", product_id: "CSAFPID-277255", }, }, { category: "service_pack", name: "16.12.3a", product: { name: "16.12.3a", product_id: "CSAFPID-277321", }, }, { category: "service_pack", name: "16.12.4a", product: { name: "16.12.4a", product_id: "CSAFPID-278881", }, }, { category: "service_pack", name: "16.12.1z2", product: { name: "16.12.1z2", product_id: "CSAFPID-283831", }, }, ], category: "product_version", name: "16.12", }, { branches: [ { category: "service_pack", name: "17.1.1", product: { name: "17.1.1", product_id: "CSAFPID-245377", }, }, { category: "service_pack", name: "17.1.1a", product: { name: "17.1.1a", product_id: "CSAFPID-272932", }, }, { category: "service_pack", name: "17.1.1s", product: { name: "17.1.1s", product_id: "CSAFPID-274818", }, }, { category: "service_pack", name: "17.1.2", product: { name: "17.1.2", product_id: "CSAFPID-277338", }, }, { category: "service_pack", name: "17.1.1t", product: { name: "17.1.1t", product_id: "CSAFPID-277348", }, }, ], category: "product_version", name: "17.1", }, { branches: [ { category: "service_pack", name: "17.2.1", product: { name: "17.2.1", product_id: "CSAFPID-251225", }, }, { category: "service_pack", name: "17.2.1r", product: { name: "17.2.1r", product_id: "CSAFPID-277194", }, }, { category: "service_pack", name: "17.2.1a", product: { name: "17.2.1a", product_id: "CSAFPID-277343", }, }, { category: "service_pack", name: "17.2.1v", product: { name: "17.2.1v", product_id: "CSAFPID-278002", }, }, { category: "service_pack", name: "17.2.2", product: { name: "17.2.2", product_id: "CSAFPID-278504", }, }, ], category: "product_version", name: "17.2", }, { branches: [ { category: "service_pack", name: "17.3.1", product: { name: "17.3.1", product_id: "CSAFPID-254712", }, }, { category: "service_pack", name: "17.3.1a", product: { name: "17.3.1a", product_id: "CSAFPID-279338", }, }, ], category: "product_version", name: "17.3", }, ], category: "product_family", name: "Cisco IOS XE Software", }, ], category: "vendor", name: "Cisco", }, ], }, vulnerabilities: [ { cve: "CVE-2021-1352", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv51476", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-214051", "CSAFPID-217257", "CSAFPID-217259", "CSAFPID-218901", "CSAFPID-218903", "CSAFPID-218905", "CSAFPID-225784", "CSAFPID-225856", "CSAFPID-225858", "CSAFPID-226330", "CSAFPID-227918", "CSAFPID-227920", "CSAFPID-228706", "CSAFPID-229187", "CSAFPID-231390", "CSAFPID-231682", "CSAFPID-232008", "CSAFPID-232461", "CSAFPID-233155", "CSAFPID-235307", "CSAFPID-235858", "CSAFPID-236834", "CSAFPID-236837", "CSAFPID-237460", "CSAFPID-241736", "CSAFPID-242308", "CSAFPID-243362", "CSAFPID-244070", "CSAFPID-244071", "CSAFPID-244530", "CSAFPID-244900", "CSAFPID-245375", "CSAFPID-245377", "CSAFPID-247629", "CSAFPID-248242", "CSAFPID-250629", "CSAFPID-251075", "CSAFPID-251166", "CSAFPID-251225", "CSAFPID-252045", "CSAFPID-252235", "CSAFPID-252271", "CSAFPID-252272", "CSAFPID-252913", "CSAFPID-252914", "CSAFPID-254712", "CSAFPID-257955", "CSAFPID-257984", "CSAFPID-258170", "CSAFPID-258229", "CSAFPID-260741", "CSAFPID-260917", "CSAFPID-261240", "CSAFPID-261241", "CSAFPID-261465", "CSAFPID-262390", "CSAFPID-262549", "CSAFPID-263804", "CSAFPID-264096", "CSAFPID-265735", "CSAFPID-265841", "CSAFPID-267110", "CSAFPID-267605", "CSAFPID-268921", "CSAFPID-270097", "CSAFPID-271798", "CSAFPID-272047", "CSAFPID-272932", "CSAFPID-273112", "CSAFPID-273445", "CSAFPID-273509", "CSAFPID-274818", "CSAFPID-274832", "CSAFPID-275538", "CSAFPID-276837", "CSAFPID-277147", "CSAFPID-277148", "CSAFPID-277194", "CSAFPID-277255", "CSAFPID-277321", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-277945", "CSAFPID-278002", "CSAFPID-278504", "CSAFPID-278881", "CSAFPID-279338", "CSAFPID-283831", ], }, release_date: "2021-03-24T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-214051", "CSAFPID-217257", "CSAFPID-217259", "CSAFPID-218901", "CSAFPID-218903", "CSAFPID-218905", "CSAFPID-225784", "CSAFPID-225856", "CSAFPID-225858", "CSAFPID-226330", "CSAFPID-227918", "CSAFPID-227920", "CSAFPID-228706", "CSAFPID-229187", "CSAFPID-231390", "CSAFPID-231682", "CSAFPID-232008", "CSAFPID-232461", "CSAFPID-233155", "CSAFPID-235307", "CSAFPID-235858", "CSAFPID-236834", "CSAFPID-236837", "CSAFPID-237460", "CSAFPID-241736", "CSAFPID-242308", "CSAFPID-243362", "CSAFPID-244070", "CSAFPID-244071", "CSAFPID-244530", "CSAFPID-244900", "CSAFPID-245375", "CSAFPID-245377", "CSAFPID-247629", "CSAFPID-248242", "CSAFPID-250629", "CSAFPID-251075", "CSAFPID-251166", "CSAFPID-251225", "CSAFPID-252045", "CSAFPID-252235", "CSAFPID-252271", "CSAFPID-252272", "CSAFPID-252913", "CSAFPID-252914", "CSAFPID-254712", "CSAFPID-257955", "CSAFPID-257984", "CSAFPID-258170", "CSAFPID-258229", "CSAFPID-260741", "CSAFPID-260917", "CSAFPID-261240", "CSAFPID-261241", "CSAFPID-261465", "CSAFPID-262390", "CSAFPID-262549", "CSAFPID-263804", "CSAFPID-264096", "CSAFPID-265735", "CSAFPID-265841", "CSAFPID-267110", "CSAFPID-267605", "CSAFPID-268921", "CSAFPID-270097", "CSAFPID-271798", "CSAFPID-272047", "CSAFPID-272932", "CSAFPID-273112", "CSAFPID-273445", "CSAFPID-273509", "CSAFPID-274818", "CSAFPID-274832", "CSAFPID-275538", "CSAFPID-276837", "CSAFPID-277147", "CSAFPID-277148", "CSAFPID-277194", "CSAFPID-277255", "CSAFPID-277321", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-277945", "CSAFPID-278002", "CSAFPID-278504", "CSAFPID-278881", "CSAFPID-279338", "CSAFPID-283831", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-214051", "CSAFPID-217257", "CSAFPID-217259", "CSAFPID-218901", "CSAFPID-218903", "CSAFPID-218905", "CSAFPID-225784", "CSAFPID-225856", "CSAFPID-225858", "CSAFPID-226330", "CSAFPID-227918", "CSAFPID-227920", "CSAFPID-228706", "CSAFPID-229187", "CSAFPID-231390", "CSAFPID-231682", "CSAFPID-232008", "CSAFPID-232461", "CSAFPID-233155", "CSAFPID-235307", "CSAFPID-235858", "CSAFPID-236834", "CSAFPID-236837", "CSAFPID-237460", "CSAFPID-241736", "CSAFPID-242308", "CSAFPID-243362", "CSAFPID-244070", "CSAFPID-244071", "CSAFPID-244530", "CSAFPID-244900", "CSAFPID-245375", "CSAFPID-245377", "CSAFPID-247629", "CSAFPID-248242", "CSAFPID-250629", "CSAFPID-251075", "CSAFPID-251166", "CSAFPID-251225", "CSAFPID-252045", "CSAFPID-252235", "CSAFPID-252271", "CSAFPID-252272", "CSAFPID-252913", "CSAFPID-252914", "CSAFPID-254712", "CSAFPID-257955", "CSAFPID-257984", "CSAFPID-258170", "CSAFPID-258229", "CSAFPID-260741", "CSAFPID-260917", "CSAFPID-261240", "CSAFPID-261241", "CSAFPID-261465", "CSAFPID-262390", "CSAFPID-262549", "CSAFPID-263804", "CSAFPID-264096", "CSAFPID-265735", "CSAFPID-265841", "CSAFPID-267110", "CSAFPID-267605", "CSAFPID-268921", "CSAFPID-270097", "CSAFPID-271798", "CSAFPID-272047", "CSAFPID-272932", "CSAFPID-273112", "CSAFPID-273445", "CSAFPID-273509", "CSAFPID-274818", "CSAFPID-274832", "CSAFPID-275538", "CSAFPID-276837", "CSAFPID-277147", "CSAFPID-277148", "CSAFPID-277194", "CSAFPID-277255", "CSAFPID-277321", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-277945", "CSAFPID-278002", "CSAFPID-278504", "CSAFPID-278881", "CSAFPID-279338", "CSAFPID-283831", ], }, ], title: "Cisco IOS XE Software DECnet Denial of Service Vulnerability", }, ], }
cisco-sa-iosxe-decnet-dos-cupwdkyl
Vulnerability from csaf_cisco
Published
2021-03-24 16:00
Modified
2021-03-24 16:00
Summary
Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability
Notes
Summary
A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is part of the March 2021 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2021 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74408"].
Vulnerable Products
This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XE Software and have either the DECnet Phase IV or DECnet/OSI protocol enabled. DECnet is not enabled by default.
For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.
Determine the Device Configuration
To determine if DECnet is enabled, use the show decnet interface command. The following example shows output for a device that is configured for DECnet on the GigabitEthernet0/0/0 interface:
router# show decnet interface
.
.
.
GigabitEthernet0/0/0 is up, line protocol is up, encapsulation is ARPA
Interface cost is 1, priority is 64, DECnet network: 0
We are the designated router
Sending HELLOs every 15 seconds, routing updates 40 seconds
.
.
.
A device is not affected by this vulnerability if DECnet is not enabled, as indicated by the following example of output for the show decnet interface command:
router#show decnet interface
% DECnet is not enabled
Furthermore, a device is not affected by this vulnerability if DECnet protocol processing is not enabled for all interfaces, as indicated by the following example of output for the show decnet interface command:
router#show decnet interface
.
.
.
GigabitEthernet0/0/0 is up, line protocol is up, encapsulation is ARPA
DECnet protocol processing not enabled
.
.
.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following Cisco products:
IOS Software
IOS XR Software
NX-OS Software
Workarounds
There are no workarounds that address this vulnerability.
Fixed Software
Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"]
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"]
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Cisco IOS and IOS XE Software
To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] to identify any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (“Combined First Fixed”).
Customers can use the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] to search advisories in the following ways:
Choose the software and one or more releases
Upload a .txt file that includes a list of specific releases
Enter the output of the show version command
After initiating a search, customers can customize the search to include all Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication.
Customers can also use the following form to determine whether a release is affected by any Cisco Security Advisory by entering a Cisco IOS or IOS XE Software release—for example, 15.1(4)M2 or 3.13.8S:
By default, the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, customers can use the Cisco Software Checker on Cisco.com and check the Medium check box in the drop-down list under Impact Rating when customizing a search.
For a mapping of Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 Release Notes ["https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/2/release/notes/rnasr21/rnasr21_gen.html#wp3000032"], Cisco IOS XE 3S Release Notes ["https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes/asr1k_rn_3s_sys_req.html#wp3069754"], or Cisco IOS XE 3SG Release Notes ["https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_24726.html#pgfId-2570252"], depending on the Cisco IOS XE Software release.
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Source
This vulnerability was found during the resolution of a Cisco TAC support case.
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
{ document: { acknowledgments: [ { summary: "This vulnerability was found during the resolution of a Cisco TAC support case.", }, ], category: "csaf_security_advisory", csaf_version: "2.0", notes: [ { category: "summary", text: "A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\r\n\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\r\n\r\n\r\n\r\nThis advisory is part of the March 2021 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2021 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [\"https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74408\"].", title: "Summary", }, { category: "general", text: "This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XE Software and have either the DECnet Phase IV or DECnet/OSI protocol enabled. DECnet is not enabled by default.\r\n\r\nFor information about which Cisco software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory.\r\n Determine the Device Configuration\r\nTo determine if DECnet is enabled, use the show decnet interface command. The following example shows output for a device that is configured for DECnet on the GigabitEthernet0/0/0 interface:\r\n\r\n\r\nrouter# show decnet interface\r\n.\r\n.\r\n.\r\nGigabitEthernet0/0/0 is up, line protocol is up, encapsulation is ARPA\r\n Interface cost is 1, priority is 64, DECnet network: 0\r\n We are the designated router\r\n Sending HELLOs every 15 seconds, routing updates 40 seconds\r\n.\r\n.\r\n.\r\n\r\nA device is not affected by this vulnerability if DECnet is not enabled, as indicated by the following example of output for the show decnet interface command:\r\n\r\n\r\nrouter#show decnet interface\r\n% DECnet is not enabled\r\n\r\nFurthermore, a device is not affected by this vulnerability if DECnet protocol processing is not enabled for all interfaces, as indicated by the following example of output for the show decnet interface command:\r\n\r\n\r\nrouter#show decnet interface\r\n.\r\n.\r\n.\r\nGigabitEthernet0/0/0 is up, line protocol is up, encapsulation is ARPA\r\nDECnet protocol processing not enabled\r\n.\r\n.\r\n.", title: "Vulnerable Products", }, { category: "general", text: "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products:\r\n\r\nIOS Software\r\nIOS XR Software\r\nNX-OS Software", title: "Products Confirmed Not Vulnerable", }, { category: "general", text: "There are no workarounds that address this vulnerability.", title: "Workarounds", }, { category: "general", text: "Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:\r\nhttps://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n Customers Without Service Contracts\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n Cisco IOS and IOS XE Software\r\nTo help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] to identify any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (“Combined First Fixed”).\r\n\r\nCustomers can use the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] to search advisories in the following ways:\r\n\r\nChoose the software and one or more releases\r\nUpload a .txt file that includes a list of specific releases\r\nEnter the output of the show version command\r\n\r\nAfter initiating a search, customers can customize the search to include all Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication.\r\n\r\nCustomers can also use the following form to determine whether a release is affected by any Cisco Security Advisory by entering a Cisco IOS or IOS XE Software release—for example, 15.1(4)M2 or 3.13.8S:\r\n\r\n\r\n\r\nBy default, the Cisco Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, customers can use the Cisco Software Checker on Cisco.com and check the Medium check box in the drop-down list under Impact Rating when customizing a search.\r\n\r\nFor a mapping of Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 Release Notes [\"https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/2/release/notes/rnasr21/rnasr21_gen.html#wp3000032\"], Cisco IOS XE 3S Release Notes [\"https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes/asr1k_rn_3s_sys_req.html#wp3069754\"], or Cisco IOS XE 3SG Release Notes [\"https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_24726.html#pgfId-2570252\"], depending on the Cisco IOS XE Software release.", title: "Fixed Software", }, { category: "general", text: "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.", title: "Vulnerability Policy", }, { category: "general", text: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", title: "Exploitation and Public Announcements", }, { category: "general", text: "This vulnerability was found during the resolution of a Cisco TAC support case.", title: "Source", }, { category: "legal_disclaimer", text: "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.", title: "Legal Disclaimer", }, ], publisher: { category: "vendor", contact_details: "psirt@cisco.com", issuing_authority: "Cisco PSIRT", name: "Cisco", namespace: "https://wwww.cisco.com", }, references: [ { category: "self", summary: "Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL", }, { category: "external", summary: "Cisco Event Response: March 2021 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication", url: "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74408", }, { category: "external", summary: "Cisco Security Vulnerability Policy", url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html", }, { category: "external", summary: "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html", url: "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html", }, { category: "external", summary: "considering software upgrades", url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes", }, { category: "external", summary: "Cisco Security Advisories page", url: "https://www.cisco.com/go/psirt", }, { category: "external", summary: "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html", url: "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html", }, { category: "external", summary: "Cisco Software Checker", url: "https://sec.cloudapps.cisco.com/security/center/softwarechecker.x", }, { category: "external", summary: "Cisco IOS XE 2 Release Notes", url: "https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/2/release/notes/rnasr21/rnasr21_gen.html#wp3000032", }, { category: "external", summary: "Cisco IOS XE 3S Release Notes", url: "https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes/asr1k_rn_3s_sys_req.html#wp3069754", }, { category: "external", summary: "Cisco IOS XE 3SG Release Notes", url: "https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_24726.html#pgfId-2570252", }, ], title: "Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability", tracking: { current_release_date: "2021-03-24T16:00:00+00:00", generator: { date: "2024-05-10T23:00:37+00:00", engine: { name: "TVCE", }, }, id: "cisco-sa-iosxe-decnet-dos-cuPWDkyL", initial_release_date: "2021-03-24T16:00:00+00:00", revision_history: [ { date: "2021-03-24T15:30:25+00:00", number: "1.0.0", summary: "Initial public release.", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { branches: [ { branches: [ { category: "service_pack", name: "16.4.1", product: { name: "16.4.1", product_id: "CSAFPID-214051", }, }, { category: "service_pack", name: "16.4.2", product: { name: "16.4.2", product_id: "CSAFPID-217257", }, }, { category: "service_pack", name: "16.4.3", product: { name: "16.4.3", product_id: "CSAFPID-231390", }, }, ], category: "product_version", name: "16.4", }, { branches: [ { category: "service_pack", name: "16.5.1", product: { name: "16.5.1", product_id: "CSAFPID-217259", }, }, { category: "service_pack", name: "16.5.1a", product: { name: "16.5.1a", product_id: "CSAFPID-225784", }, }, { category: "service_pack", name: "16.5.1b", product: { name: "16.5.1b", product_id: "CSAFPID-226330", }, }, { category: "service_pack", name: "16.5.2", product: { name: "16.5.2", product_id: "CSAFPID-229187", }, }, { category: "service_pack", name: "16.5.3", product: { name: "16.5.3", product_id: "CSAFPID-232461", }, }, ], category: "product_version", name: "16.5", }, { branches: [ { category: "service_pack", name: "16.6.1", product: { name: "16.6.1", product_id: "CSAFPID-218901", }, }, { category: "service_pack", name: "16.6.2", product: { name: "16.6.2", product_id: "CSAFPID-228706", }, }, { category: "service_pack", name: "16.6.3", product: { name: "16.6.3", product_id: "CSAFPID-231682", }, }, { category: "service_pack", name: "16.6.4", product: { name: "16.6.4", product_id: "CSAFPID-233155", }, }, { category: "service_pack", name: "16.6.5", product: { name: "16.6.5", product_id: "CSAFPID-241736", }, }, { category: "service_pack", name: "16.6.4s", product: { name: "16.6.4s", product_id: "CSAFPID-244900", }, }, { category: "service_pack", name: "16.6.4a", product: { name: "16.6.4a", product_id: "CSAFPID-247629", }, }, { category: "service_pack", name: "16.6.5a", product: { name: "16.6.5a", product_id: "CSAFPID-252235", }, }, { category: "service_pack", name: "16.6.6", product: { name: "16.6.6", product_id: "CSAFPID-252914", }, }, { category: "service_pack", name: "16.6.5b", product: { name: "16.6.5b", product_id: "CSAFPID-258170", }, }, { category: "service_pack", name: "16.6.7", product: { name: "16.6.7", product_id: "CSAFPID-261241", }, }, { category: "service_pack", name: "16.6.7a", product: { name: "16.6.7a", product_id: "CSAFPID-270097", }, }, { category: "service_pack", name: "16.6.8", product: { name: "16.6.8", product_id: "CSAFPID-277148", }, }, ], category: "product_version", name: "16.6", }, { branches: [ { category: "service_pack", name: "16.7.1", product: { name: "16.7.1", product_id: "CSAFPID-218903", }, }, { category: "service_pack", name: "16.7.2", product: { name: "16.7.2", product_id: "CSAFPID-236837", }, }, { category: "service_pack", name: "16.7.3", product: { name: "16.7.3", product_id: "CSAFPID-244070", }, }, ], category: "product_version", name: "16.7", }, { branches: [ { category: "service_pack", name: "16.8.1", product: { name: "16.8.1", product_id: "CSAFPID-218905", }, }, { category: "service_pack", name: "16.8.1a", product: { name: "16.8.1a", product_id: "CSAFPID-235307", }, }, { category: "service_pack", name: "16.8.1b", product: { name: "16.8.1b", product_id: "CSAFPID-235858", }, }, { category: "service_pack", name: "16.8.1s", product: { name: "16.8.1s", product_id: "CSAFPID-236834", }, }, { category: "service_pack", name: "16.8.1c", product: { name: "16.8.1c", product_id: "CSAFPID-237460", }, }, { category: "service_pack", name: "16.8.2", product: { name: "16.8.2", product_id: "CSAFPID-244071", }, }, { category: "service_pack", name: "16.8.3", product: { name: "16.8.3", product_id: "CSAFPID-257984", }, }, ], category: "product_version", name: "16.8", }, { branches: [ { category: "service_pack", name: "16.9.1", product: { name: "16.9.1", product_id: "CSAFPID-225856", }, }, { category: "service_pack", name: "16.9.2", product: { name: "16.9.2", product_id: "CSAFPID-232008", }, }, { category: "service_pack", name: "16.9.1a", product: { name: "16.9.1a", product_id: "CSAFPID-242308", }, }, { category: "service_pack", name: "16.9.1b", product: { name: "16.9.1b", product_id: "CSAFPID-243362", }, }, { category: "service_pack", name: "16.9.1s", product: { name: "16.9.1s", product_id: "CSAFPID-244530", }, }, { category: "service_pack", name: "16.9.1c", product: { name: "16.9.1c", product_id: "CSAFPID-245375", }, }, { category: "service_pack", name: "16.9.1d", product: { name: "16.9.1d", product_id: "CSAFPID-248242", }, }, { category: "service_pack", name: "16.9.3", product: { name: "16.9.3", product_id: "CSAFPID-251075", }, }, { category: "service_pack", name: "16.9.2a", product: { name: "16.9.2a", product_id: "CSAFPID-251166", }, }, { category: "service_pack", name: "16.9.2s", product: { name: "16.9.2s", product_id: "CSAFPID-252272", }, }, { category: "service_pack", name: "16.9.3h", product: { name: "16.9.3h", product_id: "CSAFPID-258229", }, }, { category: "service_pack", name: "16.9.4", product: { name: "16.9.4", product_id: "CSAFPID-262390", }, }, { category: "service_pack", name: "16.9.3s", product: { name: "16.9.3s", product_id: "CSAFPID-262549", }, }, { category: "service_pack", name: "16.9.3a", product: { name: "16.9.3a", product_id: "CSAFPID-263804", }, }, { category: "service_pack", name: "16.9.4c", product: { name: "16.9.4c", product_id: "CSAFPID-268921", }, }, { category: "service_pack", name: "16.9.5", product: { name: "16.9.5", product_id: "CSAFPID-271798", }, }, { category: "service_pack", name: "16.9.5f", product: { name: "16.9.5f", product_id: "CSAFPID-276837", }, }, { category: "service_pack", name: "16.9.6", product: { name: "16.9.6", product_id: "CSAFPID-277945", }, }, ], category: "product_version", name: "16.9", }, { branches: [ { category: "service_pack", name: "16.10.1", product: { name: "16.10.1", product_id: "CSAFPID-225858", }, }, { category: "service_pack", name: "16.10.1a", product: { name: "16.10.1a", product_id: "CSAFPID-250629", }, }, { category: "service_pack", name: "16.10.1b", product: { name: "16.10.1b", product_id: "CSAFPID-252045", }, }, { category: "service_pack", name: "16.10.1s", product: { name: "16.10.1s", product_id: "CSAFPID-252913", }, }, { category: "service_pack", name: "16.10.1e", product: { name: "16.10.1e", product_id: "CSAFPID-257955", }, }, { category: "service_pack", name: "16.10.2", product: { name: "16.10.2", product_id: "CSAFPID-260917", }, }, { category: "service_pack", name: "16.10.3", product: { name: "16.10.3", product_id: "CSAFPID-273112", }, }, ], category: "product_version", name: "16.10", }, { branches: [ { category: "service_pack", name: "16.11.1", product: { name: "16.11.1", product_id: "CSAFPID-227918", }, }, { category: "service_pack", name: "16.11.1a", product: { name: "16.11.1a", product_id: "CSAFPID-252271", }, }, { category: "service_pack", name: "16.11.1b", product: { name: "16.11.1b", product_id: "CSAFPID-260741", }, }, { category: "service_pack", name: "16.11.2", product: { name: "16.11.2", product_id: "CSAFPID-261240", }, }, { category: "service_pack", name: "16.11.1s", product: { name: "16.11.1s", product_id: "CSAFPID-261465", }, }, { category: "service_pack", name: "16.11.1c", product: { name: "16.11.1c", product_id: "CSAFPID-264096", }, }, ], category: "product_version", name: "16.11", }, { branches: [ { category: "service_pack", name: "16.12.1", product: { name: "16.12.1", product_id: "CSAFPID-227920", }, }, { category: "service_pack", name: "16.12.1s", product: { name: "16.12.1s", product_id: "CSAFPID-265735", }, }, { category: "service_pack", name: "16.12.1a", product: { name: "16.12.1a", product_id: "CSAFPID-265841", }, }, { category: "service_pack", name: "16.12.1c", product: { name: "16.12.1c", product_id: "CSAFPID-267110", }, }, { category: "service_pack", name: "16.12.2", product: { name: "16.12.2", product_id: "CSAFPID-267605", }, }, { category: "service_pack", name: "16.12.2a", product: { name: "16.12.2a", product_id: "CSAFPID-272047", }, }, { category: "service_pack", name: "16.12.3", product: { name: "16.12.3", product_id: "CSAFPID-273445", }, }, { category: "service_pack", name: "16.12.2s", product: { name: "16.12.2s", product_id: "CSAFPID-273509", }, }, { category: "service_pack", name: "16.12.1t", product: { name: "16.12.1t", product_id: "CSAFPID-274832", }, }, { category: "service_pack", name: "16.12.2t", product: { name: "16.12.2t", product_id: "CSAFPID-275538", }, }, { category: "service_pack", name: "16.12.4", product: { name: "16.12.4", product_id: "CSAFPID-277147", }, }, { category: "service_pack", name: "16.12.3s", product: { name: "16.12.3s", product_id: "CSAFPID-277255", }, }, { category: "service_pack", name: "16.12.3a", product: { name: "16.12.3a", product_id: "CSAFPID-277321", }, }, { category: "service_pack", name: "16.12.4a", product: { name: "16.12.4a", product_id: "CSAFPID-278881", }, }, { category: "service_pack", name: "16.12.1z2", product: { name: "16.12.1z2", product_id: "CSAFPID-283831", }, }, ], category: "product_version", name: "16.12", }, { branches: [ { category: "service_pack", name: "17.1.1", product: { name: "17.1.1", product_id: "CSAFPID-245377", }, }, { category: "service_pack", name: "17.1.1a", product: { name: "17.1.1a", product_id: "CSAFPID-272932", }, }, { category: "service_pack", name: "17.1.1s", product: { name: "17.1.1s", product_id: "CSAFPID-274818", }, }, { category: "service_pack", name: "17.1.2", product: { name: "17.1.2", product_id: "CSAFPID-277338", }, }, { category: "service_pack", name: "17.1.1t", product: { name: "17.1.1t", product_id: "CSAFPID-277348", }, }, ], category: "product_version", name: "17.1", }, { branches: [ { category: "service_pack", name: "17.2.1", product: { name: "17.2.1", product_id: "CSAFPID-251225", }, }, { category: "service_pack", name: "17.2.1r", product: { name: "17.2.1r", product_id: "CSAFPID-277194", }, }, { category: "service_pack", name: "17.2.1a", product: { name: "17.2.1a", product_id: "CSAFPID-277343", }, }, { category: "service_pack", name: "17.2.1v", product: { name: "17.2.1v", product_id: "CSAFPID-278002", }, }, { category: "service_pack", name: "17.2.2", product: { name: "17.2.2", product_id: "CSAFPID-278504", }, }, ], category: "product_version", name: "17.2", }, { branches: [ { category: "service_pack", name: "17.3.1", product: { name: "17.3.1", product_id: "CSAFPID-254712", }, }, { category: "service_pack", name: "17.3.1a", product: { name: "17.3.1a", product_id: "CSAFPID-279338", }, }, ], category: "product_version", name: "17.3", }, ], category: "product_family", name: "Cisco IOS XE Software", }, ], category: "vendor", name: "Cisco", }, ], }, vulnerabilities: [ { cve: "CVE-2021-1352", ids: [ { system_name: "Cisco Bug ID", text: "CSCvv51476", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-214051", "CSAFPID-217257", "CSAFPID-217259", "CSAFPID-218901", "CSAFPID-218903", "CSAFPID-218905", "CSAFPID-225784", "CSAFPID-225856", "CSAFPID-225858", "CSAFPID-226330", "CSAFPID-227918", "CSAFPID-227920", "CSAFPID-228706", "CSAFPID-229187", "CSAFPID-231390", "CSAFPID-231682", "CSAFPID-232008", "CSAFPID-232461", "CSAFPID-233155", "CSAFPID-235307", "CSAFPID-235858", "CSAFPID-236834", "CSAFPID-236837", "CSAFPID-237460", "CSAFPID-241736", "CSAFPID-242308", "CSAFPID-243362", "CSAFPID-244070", "CSAFPID-244071", "CSAFPID-244530", "CSAFPID-244900", "CSAFPID-245375", "CSAFPID-245377", "CSAFPID-247629", "CSAFPID-248242", "CSAFPID-250629", "CSAFPID-251075", "CSAFPID-251166", "CSAFPID-251225", "CSAFPID-252045", "CSAFPID-252235", "CSAFPID-252271", "CSAFPID-252272", "CSAFPID-252913", "CSAFPID-252914", "CSAFPID-254712", "CSAFPID-257955", "CSAFPID-257984", "CSAFPID-258170", "CSAFPID-258229", "CSAFPID-260741", "CSAFPID-260917", "CSAFPID-261240", "CSAFPID-261241", "CSAFPID-261465", "CSAFPID-262390", "CSAFPID-262549", "CSAFPID-263804", "CSAFPID-264096", "CSAFPID-265735", "CSAFPID-265841", "CSAFPID-267110", "CSAFPID-267605", "CSAFPID-268921", "CSAFPID-270097", "CSAFPID-271798", "CSAFPID-272047", "CSAFPID-272932", "CSAFPID-273112", "CSAFPID-273445", "CSAFPID-273509", "CSAFPID-274818", "CSAFPID-274832", "CSAFPID-275538", "CSAFPID-276837", "CSAFPID-277147", "CSAFPID-277148", "CSAFPID-277194", "CSAFPID-277255", "CSAFPID-277321", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-277945", "CSAFPID-278002", "CSAFPID-278504", "CSAFPID-278881", "CSAFPID-279338", "CSAFPID-283831", ], }, release_date: "2021-03-24T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-214051", "CSAFPID-217257", "CSAFPID-217259", "CSAFPID-218901", "CSAFPID-218903", "CSAFPID-218905", "CSAFPID-225784", "CSAFPID-225856", "CSAFPID-225858", "CSAFPID-226330", "CSAFPID-227918", "CSAFPID-227920", "CSAFPID-228706", "CSAFPID-229187", "CSAFPID-231390", "CSAFPID-231682", "CSAFPID-232008", "CSAFPID-232461", "CSAFPID-233155", "CSAFPID-235307", "CSAFPID-235858", "CSAFPID-236834", "CSAFPID-236837", "CSAFPID-237460", "CSAFPID-241736", "CSAFPID-242308", "CSAFPID-243362", "CSAFPID-244070", "CSAFPID-244071", "CSAFPID-244530", "CSAFPID-244900", "CSAFPID-245375", "CSAFPID-245377", "CSAFPID-247629", "CSAFPID-248242", "CSAFPID-250629", "CSAFPID-251075", "CSAFPID-251166", "CSAFPID-251225", "CSAFPID-252045", "CSAFPID-252235", "CSAFPID-252271", "CSAFPID-252272", "CSAFPID-252913", "CSAFPID-252914", "CSAFPID-254712", "CSAFPID-257955", "CSAFPID-257984", "CSAFPID-258170", "CSAFPID-258229", "CSAFPID-260741", "CSAFPID-260917", "CSAFPID-261240", "CSAFPID-261241", "CSAFPID-261465", "CSAFPID-262390", "CSAFPID-262549", "CSAFPID-263804", "CSAFPID-264096", "CSAFPID-265735", "CSAFPID-265841", "CSAFPID-267110", "CSAFPID-267605", "CSAFPID-268921", "CSAFPID-270097", "CSAFPID-271798", "CSAFPID-272047", "CSAFPID-272932", "CSAFPID-273112", "CSAFPID-273445", "CSAFPID-273509", "CSAFPID-274818", "CSAFPID-274832", "CSAFPID-275538", "CSAFPID-276837", "CSAFPID-277147", "CSAFPID-277148", "CSAFPID-277194", "CSAFPID-277255", "CSAFPID-277321", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-277945", "CSAFPID-278002", "CSAFPID-278504", "CSAFPID-278881", "CSAFPID-279338", "CSAFPID-283831", ], url: "https://software.cisco.com", }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-214051", "CSAFPID-217257", "CSAFPID-217259", "CSAFPID-218901", "CSAFPID-218903", "CSAFPID-218905", "CSAFPID-225784", "CSAFPID-225856", "CSAFPID-225858", "CSAFPID-226330", "CSAFPID-227918", "CSAFPID-227920", "CSAFPID-228706", "CSAFPID-229187", "CSAFPID-231390", "CSAFPID-231682", "CSAFPID-232008", "CSAFPID-232461", "CSAFPID-233155", "CSAFPID-235307", "CSAFPID-235858", "CSAFPID-236834", "CSAFPID-236837", "CSAFPID-237460", "CSAFPID-241736", "CSAFPID-242308", "CSAFPID-243362", "CSAFPID-244070", "CSAFPID-244071", "CSAFPID-244530", "CSAFPID-244900", "CSAFPID-245375", "CSAFPID-245377", "CSAFPID-247629", "CSAFPID-248242", "CSAFPID-250629", "CSAFPID-251075", "CSAFPID-251166", "CSAFPID-251225", "CSAFPID-252045", "CSAFPID-252235", "CSAFPID-252271", "CSAFPID-252272", "CSAFPID-252913", "CSAFPID-252914", "CSAFPID-254712", "CSAFPID-257955", "CSAFPID-257984", "CSAFPID-258170", "CSAFPID-258229", "CSAFPID-260741", "CSAFPID-260917", "CSAFPID-261240", "CSAFPID-261241", "CSAFPID-261465", "CSAFPID-262390", "CSAFPID-262549", "CSAFPID-263804", "CSAFPID-264096", "CSAFPID-265735", "CSAFPID-265841", "CSAFPID-267110", "CSAFPID-267605", "CSAFPID-268921", "CSAFPID-270097", "CSAFPID-271798", "CSAFPID-272047", "CSAFPID-272932", "CSAFPID-273112", "CSAFPID-273445", "CSAFPID-273509", "CSAFPID-274818", "CSAFPID-274832", "CSAFPID-275538", "CSAFPID-276837", "CSAFPID-277147", "CSAFPID-277148", "CSAFPID-277194", "CSAFPID-277255", "CSAFPID-277321", "CSAFPID-277338", "CSAFPID-277343", "CSAFPID-277348", "CSAFPID-277945", "CSAFPID-278002", "CSAFPID-278504", "CSAFPID-278881", "CSAFPID-279338", "CSAFPID-283831", ], }, ], title: "Cisco IOS XE Software DECnet Denial of Service Vulnerability", }, ], }
gsd-2021-1352
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Aliases
Aliases
{ GSD: { alias: "CVE-2021-1352", description: "A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.", id: "GSD-2021-1352", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2021-1352", ], details: "A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.", id: "GSD-2021-1352", modified: "2023-12-13T01:23:21.944572Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2021-03-24T16:00:00", ID: "CVE-2021-1352", STATE: "PUBLIC", TITLE: "Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco IOS XE Software ", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.", }, ], }, exploit: [ { lang: "eng", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. ", }, ], impact: { cvss: { baseScore: "7.4", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-823", }, ], }, ], }, references: { reference_data: [ { name: "20210324 Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL", }, ], }, source: { advisory: "cisco-sa-iosxe-decnet-dos-cuPWDkyL", defect: [ [ "CSCvv51476", ], ], discovery: "INTERNAL", }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.6.4s:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.1d:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.6.5b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.8.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.2a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.2s:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.3a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.3h:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.3s:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.6.7a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.4c:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.6.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.6.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.5f:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.9.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.10.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.12.2t:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:17.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2021-1352", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-119", }, ], }, ], }, references: { reference_data: [ { name: "20210324 Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability", refsource: "CISCO", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:A/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, }, }, lastModifiedDate: "2022-09-20T17:03Z", publishedDate: "2021-03-24T21:15Z", }, }, }
ghsa-vcq5-wh47-842g
Vulnerability from github
Published
2022-05-24 17:45
Modified
2022-09-21 00:00
Severity ?
Details
A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
{ affected: [], aliases: [ "CVE-2021-1352", ], database_specific: { cwe_ids: [ "CWE-119", "CWE-823", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2021-03-24T21:15:00Z", severity: "MODERATE", }, details: "A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.", id: "GHSA-vcq5-wh47-842g", modified: "2022-09-21T00:00:42Z", published: "2022-05-24T17:45:11Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-1352", }, { type: "WEB", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], }
fkie_cve-2021-1352
Vulnerability from fkie_nvd
Published
2021-03-24 21:15
Modified
2024-11-21 05:44
Severity ?
7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*", matchCriteriaId: "77E8AF15-AB46-4EAB-8872-8C55E8601599", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*", matchCriteriaId: "957318BE-55D4-4585-AA52-C813301D01C3", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*", matchCriteriaId: "8F11B703-8A0F-47ED-AA70-951FF78B94A4", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*", matchCriteriaId: "FE7B2557-821D-4E05-B5C3-67192573D97D", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*", matchCriteriaId: "5EE6EC32-51E4-43A3-BFB9-A0D842D08E87", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*", matchCriteriaId: "187F699A-AF2F-42B0-B855-27413140C384", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*", matchCriteriaId: "7E0B905E-4D92-4FD6-B2FF-41FF1F59A948", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*", matchCriteriaId: "62EDEC28-661E-42EF-88F0-F62D0220D2E5", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*", matchCriteriaId: "F821EBD7-91E2-4460-BFAF-18482CF6CB8C", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*", matchCriteriaId: "E36D2D24-8F63-46DE-AC5F-8DE33332EBC6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*", matchCriteriaId: "C9B825E6-5929-4890-BDBA-4CF4BD2314C9", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*", matchCriteriaId: "65020120-491D-46CD-8C73-974B6F4C11E6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*", matchCriteriaId: "7ADDCD0A-6168-45A0-A885-76CC70FE2FC7", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.6.4s:*:*:*:*:*:*:*", matchCriteriaId: "3F35C623-6043-43A6-BBAA-478E185480CF", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*", matchCriteriaId: "D83E34F4-F4DD-49CC-9C95-93F9D4D26B42", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*", matchCriteriaId: "D2833EAE-94C8-4279-A244-DDB6E2D15DC2", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.6.5b:*:*:*:*:*:*:*", matchCriteriaId: "4B688E46-5BAD-4DEC-8B13-B184B141B169", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*", matchCriteriaId: "8C8F50DB-3A80-4D89-9F7B-86766D37338B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.6.7:*:*:*:*:*:*:*", matchCriteriaId: "DBFC70A2-87BC-4898-BCF3-57F7B1DD5F10", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.6.7a:*:*:*:*:*:*:*", matchCriteriaId: "3F13F583-F645-4DF0-A075-B4F19D71D128", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.6.8:*:*:*:*:*:*:*", matchCriteriaId: "CB8DA556-ABF3-48D0-95B8-E57DBE1B5A09", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*", matchCriteriaId: "623BF701-ADC9-4F24-93C5-043A6A7FEF5F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*", matchCriteriaId: "0FBD681F-7969-42BE-A47E-7C287755DCB5", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*", matchCriteriaId: "98255E6F-3056-487D-9157-403836EFB9D3", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*", matchCriteriaId: "57D4F634-03D5-4D9F-901C-7E9CE45F2F38", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*", matchCriteriaId: "4463A1D1-E169-4F0B-91B2-FA126BB444CB", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*", matchCriteriaId: "D97F69C3-CAA6-491C-A0B6-6DC12B5AB472", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*", matchCriteriaId: "CDD58C58-1B0C-4A71-8C02-F555CEF9C253", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*", matchCriteriaId: "5C9C585C-A6EC-4385-B915-046C110BF95F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*", matchCriteriaId: "5EC2EE60-4A07-4D92-B9BC-BF07CF4F2BE9", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.8.3:*:*:*:*:*:*:*", matchCriteriaId: "47DBE4ED-1CD8-4134-9B33-17A91F44F17B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*", matchCriteriaId: "119A964D-ABC8-424D-8097-85B832A833BD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*", matchCriteriaId: "0375BF9E-D04B-4E5B-9051-536806ECA44E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*", matchCriteriaId: "2266E5A2-B3F6-4389-B8E2-42CB845EC7F9", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.1c:*:*:*:*:*:*:*", matchCriteriaId: "012A6CF7-9104-4882-9C95-E6D4458AB778", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.1d:*:*:*:*:*:*:*", matchCriteriaId: "5AF5214D-9257-498F-A3EB-C4EC18E2FEB2", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*", matchCriteriaId: "78DE7780-4E8B-4BB6-BDEB-58032EC65851", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*", matchCriteriaId: "F29CEE37-4044-4A3C-9685-C9C021FD346A", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.2a:*:*:*:*:*:*:*", matchCriteriaId: "3DC5BB06-100F-42C9-8CEB-CC47FD26DDF3", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.2s:*:*:*:*:*:*:*", matchCriteriaId: "5292764A-7D1C-4E04-86EF-809CB68EDD25", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*", matchCriteriaId: "E1FDA817-3A50-4B9E-8F4E-F613BDB3E9EE", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.3a:*:*:*:*:*:*:*", matchCriteriaId: "1E16D266-108F-4F8A-998D-F1CA25F2EAAD", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.3h:*:*:*:*:*:*:*", matchCriteriaId: "F84AE35F-D016-4B8F-8FE2-C2ACB200DFED", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.3s:*:*:*:*:*:*:*", matchCriteriaId: "41D55481-C80E-4400-9C3D-9F6B1F7F13CE", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*", matchCriteriaId: "E4BF9829-F80E-4837-A420-39B291C4E17B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.4c:*:*:*:*:*:*:*", matchCriteriaId: "D07F9539-CFBE-46F7-9F5E-93A68169797D", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.5:*:*:*:*:*:*:*", matchCriteriaId: "F5AB80E7-0714-44ED-9671-12C877B36A1E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.5f:*:*:*:*:*:*:*", matchCriteriaId: "10182B94-6831-461E-B0FC-9476EAB6EBEF", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.9.6:*:*:*:*:*:*:*", matchCriteriaId: "961F8312-31B9-44E7-8858-EF8E2134F447", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*", matchCriteriaId: "DB6BD18B-B9BD-452F-986E-16A6668E46B6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*", matchCriteriaId: "D136D2BC-FFB5-4912-A3B1-BD96148CB9A5", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*", matchCriteriaId: "A22256FE-431C-4AD9-9E7F-7EAC2D81B1B7", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*", matchCriteriaId: "ADED0D82-2A4D-4235-BFAC-5EE2D862B652", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*", matchCriteriaId: "763664F5-E6CD-4936-B2F8-C5E2D5EA7BB6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*", matchCriteriaId: "0A443E93-6C4B-4F86-BA7C-7C2A929E795A", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.10.3:*:*:*:*:*:*:*", matchCriteriaId: "6ECEDD9D-6517-44BA-A95F-D1D5488C0E41", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*", matchCriteriaId: "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*", matchCriteriaId: "314C7763-A64D-4023-9F3F-9A821AE4151F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*", matchCriteriaId: "5820D71D-FC93-45AA-BC58-A26A1A39C936", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*", matchCriteriaId: "FC1C85DD-69CC-4AA8-B219-651D57FC3506", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*", matchCriteriaId: "DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*", matchCriteriaId: "B53E377A-0296-4D7A-B97C-576B0026543D", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*", matchCriteriaId: "C98DED36-D4B5-48D6-964E-EEEE97936700", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*", matchCriteriaId: "CD98C9E8-3EA6-4160-970D-37C389576516", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*", matchCriteriaId: "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*", matchCriteriaId: "9027A528-2588-4C06-810B-5BB313FE4323", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*", matchCriteriaId: "7745ED34-D59D-49CC-B174-96BCA03B3374", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*", matchCriteriaId: "E5019B59-508E-40B0-9C92-2C26F58E2FBE", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*", matchCriteriaId: "443D78BA-A3DA-4D1F-A4DF-2F426DC6B841", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*", matchCriteriaId: "1986DB1F-AD0A-42FE-8EC8-F18BA1AD4F99", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.2t:*:*:*:*:*:*:*", matchCriteriaId: "3C6FB4DC-814D-49D2-BBE2-3861AE985A1C", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*", matchCriteriaId: "D5750264-2990-4942-85F4-DB9746C5CA2B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*", matchCriteriaId: "02352FD8-2A7B-41BD-9E4A-F312ABFDF3EF", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*", matchCriteriaId: "B9173AD6-6658-4267-AAA7-D50D0B657528", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*", matchCriteriaId: "7F02EE9D-45B1-43D6-B05D-6FF19472216B", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*", matchCriteriaId: "1C1DBBCD-4C5A-43BB-8FB0-6F1AF99ED0D2", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*", matchCriteriaId: "E306B09C-CB48-4067-B60C-5F738555EEAC", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*", matchCriteriaId: "CD446C51-E713-4E46-8328-0A0477D140D2", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*", matchCriteriaId: "4FF0DD16-D76A-45EA-B01A-20C71AEFA3B4", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*", matchCriteriaId: "4BDD0CEC-4A19-438D-B2A1-8664A1D8F3C4", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.1.2:*:*:*:*:*:*:*", matchCriteriaId: "89369318-2E83-489F-B872-5F2E247BBF8F", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*", matchCriteriaId: "4B7EE7C7-D6C1-4C35-8C80-EAF3FC7E7EFA", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*", matchCriteriaId: "B51FA707-8DB1-4596-9122-D4BFEF17F400", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*", matchCriteriaId: "C04DF35A-1B6F-420A-8D84-74EB41BF3700", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*", matchCriteriaId: "211CC9B2-6108-4C50-AB31-DC527C43053E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*", matchCriteriaId: "75CCB5F1-27F5-4FF9-8389-0A9ABCF7F070", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*", matchCriteriaId: "08DCCBA3-82D2-4444-B5D3-E5FC58D024F9", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*", matchCriteriaId: "128F95D7-E49F-4B36-8F47-823C0298449E", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*", matchCriteriaId: "E21B3881-37E9-4C00-9336-12C9C28D1B61", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.", }, { lang: "es", value: "Una vulnerabilidad en el procesamiento del protocolo DECnet Phase IV y DECnet/OSI del Software Cisco IOS XE, podría permitir a un atacante adyacente no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. La vulnerabilidad es debido a una comprobación de la entrada insuficiente del tráfico DECnet que recibe un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad mediante el envío de tráfico DECnet a un dispositivo afectado. Una explotación con éxito podría permitir al atacante causar que el dispositivo afectado se recargue, dando como resultado una condición de DoS", }, ], id: "CVE-2021-1352", lastModified: "2024-11-21T05:44:09.593", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.9, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:A/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 5.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4, source: "psirt@cisco.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-24T21:15:11.507", references: [ { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-823", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-202103-0470
Vulnerability from variot
A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco IOS XE Exists in the use of out-of-range pointer offsets.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco IOS XE Software is an operating system of Cisco (Cisco). A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0470", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.5.1b", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.8.3", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.7.2", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.2.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.1a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.6.6", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.3h", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.4.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.5.1a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.2.1r", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.10.1e", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.6.7", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.6.3", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.4.2", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.7.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.8.1c", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.6.5a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.3.1a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.1.1a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.2a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.6.4s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.10.1s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.4.3", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.5.2", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.2.3", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.1b", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.1.1s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.6.8", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.3", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.5f", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.3.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.8.1b", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.10.3", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.2s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.10.1a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.6.5", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.11.1c", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.7.3", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.3", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.6.5b", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.1a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.3s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.3a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.1.1t", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.1.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.2s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.6.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.6.7a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.4", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.4c", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.5", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.1.2", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.1c", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.1c", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.2", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.8.1a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.1s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.10.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.4", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.3s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.2a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.1d", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.6", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.10.1b", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.6.4a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.5.3", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.2.1a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.6.2", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.4a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.5.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.6.4", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.1t", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.2t", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.11.2", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.2.1v", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.12.2", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.8.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.8.1s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.10.2", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.11.1a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.3a", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "17.2.2", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.11.1", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.9.1s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.8.2", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.11.1s", }, { model: "ios xe", scope: "eq", trust: 1, vendor: "cisco", version: "16.11.1b", }, { model: "cisco ios xe", scope: "eq", trust: 0.8, vendor: "シスコシステムズ", version: null, }, { model: "cisco ios xe", scope: null, trust: 0.8, vendor: "シスコシステムズ", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-006419", }, { db: "NVD", id: "CVE-2021-1352", }, ], }, cve: "CVE-2021-1352", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 2.9, confidentialityImpact: "NONE", exploitabilityScore: 5.5, id: "CVE-2021-1352", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 1.9, vectorString: "AV:A/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 2.9, confidentialityImpact: "NONE", exploitabilityScore: 5.5, id: "VHN-374406", impactScore: 2.9, integrityImpact: "NONE", severity: "LOW", trust: 0.1, vectorString: "AV:A/AC:M/AU:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2021-1352", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT", author: "ykramarz@cisco.com", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 2.8, id: "CVE-2021-1352", impactScore: 4, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "High", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-1352", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-1352", trust: 1, value: "MEDIUM", }, { author: "ykramarz@cisco.com", id: "CVE-2021-1352", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2021-1352", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202103-1408", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-374406", trust: 0.1, value: "LOW", }, { author: "VULMON", id: "CVE-2021-1352", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-374406", }, { db: "VULMON", id: "CVE-2021-1352", }, { db: "JVNDB", id: "JVNDB-2021-006419", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202103-1408", }, { db: "NVD", id: "CVE-2021-1352", }, { db: "NVD", id: "CVE-2021-1352", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco IOS XE Exists in the use of out-of-range pointer offsets.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco IOS XE Software is an operating system of Cisco (Cisco). A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity", sources: [ { db: "NVD", id: "CVE-2021-1352", }, { db: "JVNDB", id: "JVNDB-2021-006419", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "VULHUB", id: "VHN-374406", }, { db: "VULMON", id: "CVE-2021-1352", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-1352", trust: 3.4, }, { db: "JVNDB", id: "JVNDB-2021-006419", trust: 0.8, }, { db: "CS-HELP", id: "SB2021041363", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, }, { db: "CS-HELP", id: "SB2021042150", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202103-1408", trust: 0.6, }, { db: "VULHUB", id: "VHN-374406", trust: 0.1, }, { db: "VULMON", id: "CVE-2021-1352", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-374406", }, { db: "VULMON", id: "CVE-2021-1352", }, { db: "JVNDB", id: "JVNDB-2021-006419", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202103-1408", }, { db: "NVD", id: "CVE-2021-1352", }, ], }, id: "VAR-202103-0470", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-374406", }, ], trust: 0.01, }, last_update_date: "2024-11-23T21:14:27.067000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "cisco-sa-iosxe-decnet-dos-cuPWDkyL", trust: 0.8, url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL", }, { title: "Cisco IOS XE Software Security vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145710", }, { title: "Cisco: Cisco IOS XE Software DECnet Phase IV/OSI Denial of Service Vulnerability", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iosxe-decnet-dos-cuPWDkyL", }, ], sources: [ { db: "VULMON", id: "CVE-2021-1352", }, { db: "JVNDB", id: "JVNDB-2021-006419", }, { db: "CNNVD", id: "CNNVD-202103-1408", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-119", trust: 1.1, }, { problemtype: "CWE-823", trust: 1, }, { problemtype: "Use of out-of-range pointer offsets (CWE-823) [ Other ]", trust: 0.8, }, ], sources: [ { db: "VULHUB", id: "VHN-374406", }, { db: "JVNDB", id: "JVNDB-2021-006419", }, { db: "NVD", id: "CVE-2021-1352", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxe-decnet-dos-cupwdkyl", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2021-1352", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021041363", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-34940", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021042150", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/823.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/198745", }, ], sources: [ { db: "VULHUB", id: "VHN-374406", }, { db: "VULMON", id: "CVE-2021-1352", }, { db: "JVNDB", id: "JVNDB-2021-006419", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202103-1408", }, { db: "NVD", id: "CVE-2021-1352", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-374406", }, { db: "VULMON", id: "CVE-2021-1352", }, { db: "JVNDB", id: "JVNDB-2021-006419", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202103-1408", }, { db: "NVD", id: "CVE-2021-1352", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-03-24T00:00:00", db: "VULHUB", id: "VHN-374406", }, { date: "2021-03-24T00:00:00", db: "VULMON", id: "CVE-2021-1352", }, { date: "2022-01-06T00:00:00", db: "JVNDB", id: "JVNDB-2021-006419", }, { date: "2021-04-13T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, { date: "2021-03-24T00:00:00", db: "CNNVD", id: "CNNVD-202103-1408", }, { date: "2021-03-24T21:15:11.507000", db: "NVD", id: "CVE-2021-1352", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-09-20T00:00:00", db: "VULHUB", id: "VHN-374406", }, { date: "2021-03-29T00:00:00", db: "VULMON", id: "CVE-2021-1352", }, { date: "2022-01-06T07:16:00", db: "JVNDB", id: "JVNDB-2021-006419", }, { date: "2021-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, { date: "2022-09-21T00:00:00", db: "CNNVD", id: "CNNVD-202103-1408", }, { date: "2024-11-21T05:44:09.593000", db: "NVD", id: "CVE-2021-1352", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-202103-1408", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cisco IOS XE Vulnerability in using out-of-range pointer offsets in", sources: [ { db: "JVNDB", id: "JVNDB-2021-006419", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202104-975", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.