CVE-2021-1624
Cisco IOS XE Software Rate Limiting Network Address Translation Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to mishandling of the rate limiting feature within the QuantumFlow Processor. An attacker could exploit this vulnerability by sending large amounts of traffic that would be subject to NAT and rate limiting through an affected device. A successful exploit could allow the attacker to cause the QuantumFlow Processor utilization to reach 100 percent on the affected device, resulting in a DoS condition.
Una vulnerabilidad en la funcionalidad Rate Limiting Network Address Translation (NAT) de Cisco IOS XE Software podría permitir a un atacante remoto no autenticado causar un alto uso de la CPU en el procesador Cisco QuantumFlow de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). Esta vulnerabilidad es debido a un manejo inapropiado de la función de limitación de velocidad dentro del procesador QuantumFlow. Un atacante podría explotar esta vulnerabilidad mediante el envío de grandes cantidades de tráfico que estarían sujetas a NAT y a la limitación de velocidad mediante un dispositivo afectado. Una explotación con éxito podría permitir al atacante causar que el uso del Procesador QuantumFlow alcance el 100 por ciento en el dispositivo afectado, resultando en una condición de DoS
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2020-11-13 CVE Reserved
- 2021-09-23 CVE Published
- 2024-06-07 EPSS Updated
- 2024-11-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ratenat-pYVLA7wM | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1000 Search vendor "Cisco" for product "Asr 1000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1000-esp100 Search vendor "Cisco" for product "Asr 1000-esp100" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1000-x Search vendor "Cisco" for product "Asr 1000-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1001 Search vendor "Cisco" for product "Asr 1001" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1001-hx Search vendor "Cisco" for product "Asr 1001-hx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1001-hx R Search vendor "Cisco" for product "Asr 1001-hx R" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1001-x Search vendor "Cisco" for product "Asr 1001-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1001-x R Search vendor "Cisco" for product "Asr 1001-x R" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1002 Search vendor "Cisco" for product "Asr 1002" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1002-hx Search vendor "Cisco" for product "Asr 1002-hx" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1002-hx R Search vendor "Cisco" for product "Asr 1002-hx R" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1002-x Search vendor "Cisco" for product "Asr 1002-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1002-x R Search vendor "Cisco" for product "Asr 1002-x R" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1004 Search vendor "Cisco" for product "Asr 1004" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1006 Search vendor "Cisco" for product "Asr 1006" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1006-x Search vendor "Cisco" for product "Asr 1006-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1009-x Search vendor "Cisco" for product "Asr 1009-x" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1013 Search vendor "Cisco" for product "Asr 1013" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " <= 17.3.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 1023 Search vendor "Cisco" for product "Asr 1023" | - | - |
Safe
|