CVE-2021-1460
Cisco IOx Application Framework Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition.
Una vulnerabilidad en el Cisco IOx Application Framework de los Enrutadores Cisco 809 Industrial Integrated Services (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, y Cisco IC3000 Industrial Compute Gateway, podría permitir a un atacante remoto no autenticado causar una denegación de servicio. (DoS) en un dispositivo afectado. Esta vulnerabilidad es debido a un manejo insuficiente de errores durante el procesamiento de paquetes. Un atacante podría explotar esta vulnerabilidad mediante el envío de una tasa alta y sostenida de tráfico TCP diseñado al servidor web IOx en un dispositivo afectado. Una explotación con éxito podría permitir que el atacante cause que el servidor web IOx dejara de procesar peticiones, lo que resultaría en una condición de DoS
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2020-11-13 CVE Reserved
- 2021-03-24 CVE Published
- 2023-12-08 EPSS Updated
- 2024-11-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-dos-4Fgcjh6 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | < 15.9\(3\)m3 Search vendor "Cisco" for product "Ios" and version " < 15.9\(3\)m3" | - |
Affected
| in | Cisco Search vendor "Cisco" | 809 Industrial Integrated Services Router Search vendor "Cisco" for product "809 Industrial Integrated Services Router" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | < 15.9\(3\)m3 Search vendor "Cisco" for product "Ios" and version " < 15.9\(3\)m3" | - |
Affected
| in | Cisco Search vendor "Cisco" | 829 Industrial Integrated Services Router Search vendor "Cisco" for product "829 Industrial Integrated Services Router" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Cgr1000 Firmware Search vendor "Cisco" for product "Cgr1000 Firmware" | < 1.12.0.3 Search vendor "Cisco" for product "Cgr1000 Firmware" and version " < 1.12.0.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Cgr1000 Search vendor "Cisco" for product "Cgr1000" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ic3000 Industrial Compute Gateway Firmware Search vendor "Cisco" for product "Ic3000 Industrial Compute Gateway Firmware" | < 1.3.2 Search vendor "Cisco" for product "Ic3000 Industrial Compute Gateway Firmware" and version " < 1.3.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ic3000 Industrial Compute Gateway Search vendor "Cisco" for product "Ic3000 Industrial Compute Gateway" | - | - |
Safe
|