CVE-2021-34697

Cisco IOS XE Software Protection Against Distributed Denial of Service Attacks Feature Vulnerability

Severity Score

8.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) attacks to or through the affected device. This vulnerability is due to incorrect programming of the half-opened connections limit, TCP SYN flood limit, or TCP SYN cookie features when the features are configured in vulnerable releases of Cisco IOS XE Software. An attacker could exploit this vulnerability by attempting to flood traffic to or through the affected device. A successful exploit could allow the attacker to initiate a DoS attack to or through an affected device.

Una vulnerabilidad en la funcionalidad Protection Against Distributed Denial of Service Attacks de Cisco IOS XE Software podría permitir a un atacante remoto no autenticado realizar ataques de denegación de servicio (DoS) al dispositivo afectado o mediante él. Esta vulnerabilidad es debido a una programación incorrecta del límite de conexiones semiabiertas, del límite de inundación TCP SYN o de la cookie TCP SYN cuando las funciones están configuradas en versiones vulnerables de Cisco IOS XE Software. Un atacante podría explotar esta vulnerabilidad al intentar inundar el tráfico hacia o mediante el dispositivo afectado. Una explotación con éxito podría permitir al atacante iniciar un ataque de DoS hacia o mediante un dispositivo afectado

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2021-06-15 CVE Reserved
2021-09-23 CVE Published
2024-06-07 EPSS Updated
2024-11-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-665: Improper Initialization

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-zbfw-tguGuYq	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				>= 17.3.1 < 17.3.3 Search vendor "Cisco" for product "Ios Xe" and version " >= 17.3.1 < 17.3.3"		-		Affected