HIGH✓ PATCH🇬🇧 English

CVE-2021-1622

CVSS 8.6v3.1pub. 2021-09-23upd. 2024-11-21

A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. This vulnerability is due to a deadlock condition in the code when processing COPS packets under certain conditions. An attacker could exploit this vulnerability by sending COPS packets with high burst rates to an affected device. A successful exploit could allow the attacker to cause the CPU to consume excessive resources, which prevents other control plane processes from obtaining resources and results in a DoS.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • Cisco 7600 Router

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 901 12c F D

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 901 12c Ft D

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 901 4c F D

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 901 4c Ft D

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 901 6cz F A

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 901 6cz F D

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 901 6cz Fs A

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 901 6cz Fs D

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 901 6cz Ft A

    HW
    Cisco
    wszystkie wersje
  • Cisco Asr 901 6cz Ft D

    HW
    Cisco
    wszystkie wersje
  • Cisco Cbr 8

    HW
    Cisco
    wszystkie wersje
  • Cisco IOS XE

    OS
    Cisco
    17.3.1x< 16.12.1z1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2023-20198CRITICAL10.0⚠ KEVten sam produkt

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in...

CVE-2018-0151CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software coul...

CVE-2017-12240CRITICAL9.8⚠ KEVten sam produkt

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability tha...

CVE-2017-3881CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE S...

CVE-2025-20363CRITICAL9.0PL ✓ten sam produkt

RCE w web services Cisco ASA, FTD, IOS, IOS XE, IOS XR przez HTTP