CVE-2021-34713

A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line cards are attached. A successful exploit could allow the attacker to cause the affected line card to reboot.

CVSS v3 7.4 HIGH
CVSS v2.0 6.1 MEDIUM

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npspin-QYpwdhFD	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:cisco:asr_9000:-:::::::*
	cpe:2.3:h:cisco:asr_9000v-v2:-:::::::*
	cpe:2.3:h:cisco:asr_9001:-:::::::*
	cpe:2.3:h:cisco:asr_9006:-:::::::*
	cpe:2.3:h:cisco:asr_9010:-:::::::*
	cpe:2.3:h:cisco:asr_9901:-:::::::*
	cpe:2.3:h:cisco:asr_9902:-:::::::*
	cpe:2.3:h:cisco:asr_9903:-:::::::*
	cpe:2.3:h:cisco:asr_9904:-:::::::*
	cpe:2.3:h:cisco:asr_9906:-:::::::*
	cpe:2.3:h:cisco:asr_9910:-:::::::*
	cpe:2.3:h:cisco:asr_9912:-:::::::*
	cpe:2.3:h:cisco:asr_9922:-:::::::*

OR	cpe:2.3:o:cisco:ios_xr::::::::
	cpe:2.3:o:cisco:ios_xr::::::::
	cpe:2.3:o:cisco:ios_xr::::::::
	cpe:2.3:o:cisco:ios_xr::::::::

History

21 Sep 2021, 19:18

Type	Values Removed	Values Added
CWE		NVD-CWE-Other
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.1 v3 : 7.4
References	~~(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npspin-QYpwdhFD -~~	(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npspin-QYpwdhFD - Vendor Advisory
CPE		cpe:2.3:h:cisco:asr_9000:-:::::::* cpe:2.3:h:cisco:asr_9912:-:::::::* cpe:2.3:h:cisco:asr_9001:-:::::::* cpe:2.3:h:cisco:asr_9904:-:::::::* cpe:2.3:h:cisco:asr_9006:-:::::::* cpe:2.3:h:cisco:asr_9000v-v2:-:::::::* cpe:2.3:h:cisco:asr_9901:-:::::::* cpe:2.3:h:cisco:asr_9922:-:::::::* cpe:2.3:o:cisco:ios_xr:::::::: cpe:2.3:h:cisco:asr_9902:-:::::::* cpe:2.3:h:cisco:asr_9910:-:::::::* cpe:2.3:h:cisco:asr_9906:-:::::::* cpe:2.3:h:cisco:asr_9010:-:::::::* cpe:2.3:h:cisco:asr_9903:-:::::::*

09 Sep 2021, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-09-09 05:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-34713

Mitre link : CVE-2021-34713

CVE.ORG link : CVE-2021-34713

JSON object : View

Products Affected

cisco

asr_9000
asr_9903
asr_9922
asr_9000v-v2
asr_9006
asr_9912
asr_9906
asr_9902
asr_9904
asr_9001
asr_9901
asr_9910
ios_xr
asr_9010

CWE

NVD-CWE-Other CWE-399

Resource Management Errors

7.4 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.1 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2021-34713

7.4^/10

6.1^/10

Attach tags to `CVE-2021-34713`