Lucene search

CiscoCVE-2021-1460

HistoryMar 24, 2021 - 8:15 p.m.

CVE-2021-1460

2021-03-2420:15:15

CWE-400

cisco

web.nvd.nist.gov

cisco

iox

application framework

vulnerability

denial of service

cve-2021-1460

cisco 809 industrial

cisco 829 industrial

cisco cgr 1000

cisco ic3000

dos

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

52.6%

JSON

A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition.

Affected configurations

Nvd

Node

ciscoiosRange<15.9\(3\)m3

AND

cisco809_industrial_integrated_services_routerMatch-

cisco829_industrial_integrated_services_routerMatch-

Node

ciscocgr1000_firmwareRange<1.12.0.3

AND

ciscocgr1000Match-

Node

ciscoic3000_industrial_compute_gateway_firmwareRange<1.3.2

AND

ciscoic3000_industrial_compute_gatewayMatch-

VendorProductVersionCPE
ciscoios*cpe:2.3:a:cisco:ios:*:*:*:*:*:*:*:*
cisco809_industrial_integrated_services_router-cpe:2.3:h:cisco:809_industrial_integrated_services_router:-:*:*:*:*:*:*:*
cisco829_industrial_integrated_services_router-cpe:2.3:h:cisco:829_industrial_integrated_services_router:-:*:*:*:*:*:*:*
ciscocgr1000_firmware*cpe:2.3:o:cisco:cgr1000_firmware:*:*:*:*:*:*:*:*
ciscocgr1000-cpe:2.3:h:cisco:cgr1000:-:*:*:*:*:*:*:*
ciscoic3000_industrial_compute_gateway_firmware*cpe:2.3:o:cisco:ic3000_industrial_compute_gateway_firmware:*:*:*:*:*:*:*:*
ciscoic3000_industrial_compute_gateway-cpe:2.3:h:cisco:ic3000_industrial_compute_gateway:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios	*	cpe:2.3:a:cisco:ios::::::::
cisco	809_industrial_integrated_services_router	-	cpe:2.3:h:cisco:809_industrial_integrated_services_router:-:::::::*
cisco	829_industrial_integrated_services_router	-	cpe:2.3:h:cisco:829_industrial_integrated_services_router:-:::::::*
cisco	cgr1000_firmware	*	cpe:2.3:o:cisco:cgr1000_firmware::::::::
cisco	cgr1000	-	cpe:2.3:h:cisco:cgr1000:-:::::::*
cisco	ic3000_industrial_compute_gateway_firmware	*	cpe:2.3:o:cisco:ic3000_industrial_compute_gateway_firmware::::::::
cisco	ic3000_industrial_compute_gateway	-	cpe:2.3:h:cisco:ic3000_industrial_compute_gateway:-:::::::*

CNA Affected

[
  {
    "product": "Cisco IOS",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-dos-4Fgcjh6

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

52.6%

JSON

Related for CVE-2021-1460