CVE-2021-1353
Cisco StarOS IPv4 Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, leading to a DoS condition on the affected device.
Una vulnerabilidad en el manejo del protocolo IPv4 de Cisco StarOS, podría permitir a un atacante no autenticado remoto causar una condición de denegación de servicio (DoS) en un dispositivo afectado. La vulnerabilidad es debido a una pérdida de memoria que se produce durante el procesamiento de paquetes. Un atacante podría explotar esta vulnerabilidad mediante el envío de una serie de paquetes IPv4 diseñados por medio de un dispositivo afectado. Una explotación con éxito podría permitir al atacante agotar la memoria disponible y causar un reinicio inesperado del proceso npusim, conllevando a una condición DoS en el dispositivo afectado
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-11-13 CVE Reserved
- 2021-01-20 CVE Published
- 2023-10-06 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | < 21.22.0 Search vendor "Cisco" for product "Staros" and version " < 21.22.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5000 Search vendor "Cisco" for product "Asr 5000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | < 21.22.0 Search vendor "Cisco" for product "Staros" and version " < 21.22.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5500 Search vendor "Cisco" for product "Asr 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | < 21.22.0 Search vendor "Cisco" for product "Staros" and version " < 21.22.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5700 Search vendor "Cisco" for product "Asr 5700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Virtualized Packet Core-single Instance Search vendor "Cisco" for product "Virtualized Packet Core-single Instance" | - | - |
Affected
| ||||||