CVE-2021-1389
Cisco IOS XR and Cisco NX-OS Software IPv6 Access Control List Bypass Vulnerability
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent through an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 packets that traverse the affected device. A successful exploit could allow the attacker to access resources that would typically be protected by the interface ACL.
Una vulnerabilidad en el procesamiento del tráfico IPv6 del Software Cisco IOS XR, y el Software Cisco NX-OS para determinados dispositivos Cisco, podría permitir a un atacante remoto no autenticado omitir una lista de control de acceso (ACL) IPv6 configurada para una interfaz de un dispositivo afectado. La vulnerabilidad es debido al procesamiento inapropiado del tráfico IPv6 que se envía por medio de un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad mediante el envío de paquetes IPv6 diseñados que atraviesan el dispositivo afectado. Una explotación con éxito podría permitir al atacante acceder a recursos que normalmente estarían protegidos por la interfaz ACL
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-11-13 CVE Reserved
- 2021-02-04 CVE Published
- 2023-10-21 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-acl-CHgdYk8j | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 540 Search vendor "Cisco" for product "Ncs 540" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5501 Search vendor "Cisco" for product "Ncs 5501" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5501-se Search vendor "Cisco" for product "Ncs 5501-se" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5502 Search vendor "Cisco" for product "Ncs 5502" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5502-se Search vendor "Cisco" for product "Ncs 5502-se" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5508 Search vendor "Cisco" for product "Ncs 5508" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5516 Search vendor "Cisco" for product "Ncs 5516" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 560 Search vendor "Cisco" for product "Ncs 560" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.1.0 Search vendor "Cisco" for product "Ios Xr" and version "7.1.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 540 Search vendor "Cisco" for product "Ncs 540" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.1.0 Search vendor "Cisco" for product "Ios Xr" and version "7.1.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5501 Search vendor "Cisco" for product "Ncs 5501" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.1.0 Search vendor "Cisco" for product "Ios Xr" and version "7.1.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5501-se Search vendor "Cisco" for product "Ncs 5501-se" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.1.0 Search vendor "Cisco" for product "Ios Xr" and version "7.1.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5502 Search vendor "Cisco" for product "Ncs 5502" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.1.0 Search vendor "Cisco" for product "Ios Xr" and version "7.1.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5502-se Search vendor "Cisco" for product "Ncs 5502-se" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.1.0 Search vendor "Cisco" for product "Ios Xr" and version "7.1.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5508 Search vendor "Cisco" for product "Ncs 5508" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.1.0 Search vendor "Cisco" for product "Ios Xr" and version "7.1.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5516 Search vendor "Cisco" for product "Ncs 5516" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.1.0 Search vendor "Cisco" for product "Ios Xr" and version "7.1.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 560 Search vendor "Cisco" for product "Ncs 560" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.2.0 Search vendor "Cisco" for product "Ios Xr" and version "7.2.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 540 Search vendor "Cisco" for product "Ncs 540" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.2.0 Search vendor "Cisco" for product "Ios Xr" and version "7.2.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5501 Search vendor "Cisco" for product "Ncs 5501" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.2.0 Search vendor "Cisco" for product "Ios Xr" and version "7.2.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5501-se Search vendor "Cisco" for product "Ncs 5501-se" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.2.0 Search vendor "Cisco" for product "Ios Xr" and version "7.2.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5502 Search vendor "Cisco" for product "Ncs 5502" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.2.0 Search vendor "Cisco" for product "Ios Xr" and version "7.2.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5502-se Search vendor "Cisco" for product "Ncs 5502-se" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.2.0 Search vendor "Cisco" for product "Ios Xr" and version "7.2.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5508 Search vendor "Cisco" for product "Ncs 5508" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.2.0 Search vendor "Cisco" for product "Ios Xr" and version "7.2.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5516 Search vendor "Cisco" for product "Ncs 5516" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | 7.2.0 Search vendor "Cisco" for product "Ios Xr" and version "7.2.0" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 560 Search vendor "Cisco" for product "Ncs 560" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 3600 Search vendor "Cisco" for product "Nexus 3600" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Nx-os Search vendor "Cisco" for product "Nx-os" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Nexus 9500 R Search vendor "Cisco" for product "Nexus 9500 R" | - | - |
Safe
|