Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-1624

A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to mishandling of the rate limiting feature within the QuantumFlow Processor. An attacker could exploit this vulnerability by sending large amounts of traffic that would be subject to NAT and rate limiting through an affected device. A successful exploit could allow the attacker to cause the QuantumFlow Processor utilization to reach 100 percent on the affected device, resulting in a DoS condition.

Published

2021-09-23T03:15:13.610

Last Modified

2024-11-21T05:44:46.050

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-399
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco ios_xe ≤ 17.3.3 Yes
Hardware cisco asr_1000 - No
Hardware cisco asr_1000-esp100 - No
Hardware cisco asr_1000-x - No
Hardware cisco asr_1001 - No
Hardware cisco asr_1001-hx - No
Hardware cisco asr_1001-hx_r - No
Hardware cisco asr_1001-x - No
Hardware cisco asr_1001-x_r - No
Hardware cisco asr_1002 - No
Hardware cisco asr_1002-hx - No
Hardware cisco asr_1002-hx_r - No
Hardware cisco asr_1002-x - No
Hardware cisco asr_1002-x_r - No
Hardware cisco asr_1004 - No
Hardware cisco asr_1006 - No
Hardware cisco asr_1006-x - No
Hardware cisco asr_1009-x - No
Hardware cisco asr_1013 - No
Hardware cisco asr_1023 - No
References