// For flags

CVE-2021-1460

Cisco IOx Application Framework Denial of Service Vulnerability

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition.

Una vulnerabilidad en el Cisco IOx Application Framework de los Enrutadores Cisco 809 Industrial Integrated Services (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, y Cisco IC3000 Industrial Compute Gateway, podría permitir a un atacante remoto no autenticado causar una denegación de servicio. (DoS) en un dispositivo afectado. Esta vulnerabilidad es debido a un manejo insuficiente de errores durante el procesamiento de paquetes. Un atacante podría explotar esta vulnerabilidad mediante el envío de una tasa alta y sostenida de tráfico TCP diseñado al servidor web IOx en un dispositivo afectado. Una explotación con éxito podría permitir que el atacante cause que el servidor web IOx dejara de procesar peticiones, lo que resultaría en una condición de DoS

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2020-11-13 CVE Reserved
  • 2021-03-24 CVE Published
  • 2023-12-08 EPSS Updated
  • 2024-11-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
< 15.9\(3\)m3
Search vendor "Cisco" for product "Ios" and version " < 15.9\(3\)m3"
-
Affected
in Cisco
Search vendor "Cisco"
809 Industrial Integrated Services Router
Search vendor "Cisco" for product "809 Industrial Integrated Services Router"
--
Safe
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
< 15.9\(3\)m3
Search vendor "Cisco" for product "Ios" and version " < 15.9\(3\)m3"
-
Affected
in Cisco
Search vendor "Cisco"
829 Industrial Integrated Services Router
Search vendor "Cisco" for product "829 Industrial Integrated Services Router"
--
Safe
Cisco
Search vendor "Cisco"
Cgr1000 Firmware
Search vendor "Cisco" for product "Cgr1000 Firmware"
< 1.12.0.3
Search vendor "Cisco" for product "Cgr1000 Firmware" and version " < 1.12.0.3"
-
Affected
in Cisco
Search vendor "Cisco"
Cgr1000
Search vendor "Cisco" for product "Cgr1000"
--
Safe
Cisco
Search vendor "Cisco"
Ic3000 Industrial Compute Gateway Firmware
Search vendor "Cisco" for product "Ic3000 Industrial Compute Gateway Firmware"
< 1.3.2
Search vendor "Cisco" for product "Ic3000 Industrial Compute Gateway Firmware" and version " < 1.3.2"
-
Affected
in Cisco
Search vendor "Cisco"
Ic3000 Industrial Compute Gateway
Search vendor "Cisco" for product "Ic3000 Industrial Compute Gateway"
--
Safe