CVE-2021-34734
Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol Double-Free Denial of Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for the Cisco Video Surveillance 7000 Series IP Cameras firmware could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Una vulnerabilidad en la Implementación del Protocolo de Detección de la Capa de Enlace (LLDP) para el firmware de las cámaras IP de la serie 7000 de Cisco Video Surveillance podría permitir a un atacante adyacente no autenticado causar una condición de denegación de servicio (DoS). Esta vulnerabilidad es debido a una administración inapropiada de los recursos de memoria, denominada doble liberación. Un atacante podría explotar esta vulnerabilidad mediante el envío de paquetes LLDP diseñados a un dispositivo afectado. Una explotación con éxito podría permitir al atacante hacer que el dispositivo afectado se recargue, resultando en una condición de DoS. Nota: LLDP es un protocolo de capa 2. Para explotar estas vulnerabilidades, un atacante debe estar en el mismo dominio de difusión que el dispositivo afectado (Capa 2 adyacente).
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2021-06-15 CVE Reserved
- 2021-08-18 CVE Published
- 2024-05-03 EPSS Updated
- 2024-11-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-415: Double Free
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-dos-OFP7j9j | 2023-11-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Video Surveillance 7000 Ip Camera Firmware Search vendor "Cisco" for product "Video Surveillance 7000 Ip Camera Firmware" | 2.12.4 Search vendor "Cisco" for product "Video Surveillance 7000 Ip Camera Firmware" and version "2.12.4" | - |
Affected
| ||||||