Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-1587
HistoryAug 25, 2021 - 8:15 p.m.

CVE-2021-1587

2021-08-2520:15:11
CWE-436
CWE-115
[email protected]
web.nvd.nist.gov
39
cisco
nx-os
vulnerability
cve-2021-1587
ngoam
vxlan
oam
dos

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.6%

JSON

A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific packets with a Transparent Interconnection of Lots of Links (TRILL) OAM EtherType. An attacker could exploit this vulnerability by sending crafted packets, including the TRILL OAM EtherType of 0x8902, to a device that is part of a VXLAN Ethernet VPN (EVPN) fabric. A successful exploit could allow the attacker to cause an affected device to experience high CPU usage and consume excessive system resources, which may result in overall control plane instability and cause the affected device to reload. Note: The NGOAM feature is disabled by default.

Affected configurations

NVD
Node
cisconx-osMatch-
AND
cisconexus_3000Match-
OR
cisconexus_3048Match-
OR
cisconexus_31108pc-vMatch-
OR
cisconexus_31108tc-vMatch-
OR
cisconexus_31128pqMatch-
OR
cisconexus_3132c-zMatch-
OR
cisconexus_3132q-vMatch-
OR
cisconexus_3132q-x\/3132q-xlMatch-
OR
cisconexus_3164qMatch-
OR
cisconexus_3172pq\/pq-xlMatch-
OR
cisconexus_3172tq-xlMatch-
OR
cisconexus_3232cMatch-
OR
cisconexus_3264c-eMatch-
OR
cisconexus_3264qMatch-
OR
cisconexus_3408-sMatch-
OR
cisconexus_34180ycMatch-
OR
cisconexus_3432d-sMatch-
OR
cisconexus_3464cMatch-
OR
cisconexus_3524-x\/xlMatch-
OR
cisconexus_3548-x\/xlMatch-
OR
cisconexus_36180yc-rMatch-
OR
cisconexus_3636c-rMatch-
OR
cisconexus_9000vMatch-
OR
cisconexus_92160yc-xMatch-
OR
cisconexus_92300ycMatch-
OR
cisconexus_92304qcMatch-
OR
cisconexus_92348gc-xMatch-
OR
cisconexus_9236cMatch-
OR
cisconexus_9272qMatch-
OR
cisconexus_93108tc-exMatch-
OR
cisconexus_93108tc-ex-24Match-
OR
cisconexus_93108tc-fxMatch-
OR
cisconexus_93108tc-fx-24Match-
OR
cisconexus_93108tc-fx3pMatch-
OR
cisconexus_93120txMatch-
OR
cisconexus_93128txMatch-
OR
cisconexus_9316d-gxMatch-
OR
cisconexus_93180lc-exMatch-
OR
cisconexus_93180yc-exMatch-
OR
cisconexus_93180yc-ex-24Match-
OR
cisconexus_93180yc-fxMatch-
OR
cisconexus_93180yc-fx-24Match-
OR
cisconexus_93180yc-fx3Match-
OR
cisconexus_93180yc-fx3sMatch-
OR
cisconexus_93216tc-fx2Match-
OR
cisconexus_93240yc-fx2Match-
OR
cisconexus_9332cMatch-
OR
cisconexus_9332pqMatch-
OR
cisconexus_93360yc-fx2Match-
OR
cisconexus_9336c-fx2Match-
OR
cisconexus_9336c-fx2-eMatch-
OR
cisconexus_9348gc-fxpMatch-
OR
cisconexus_93600cd-gxMatch-
OR
cisconexus_9364cMatch-
OR
cisconexus_9364c-gxMatch-
OR
cisconexus_9372pxMatch-
OR
cisconexus_9372px-eMatch-
OR
cisconexus_9372txMatch-
OR
cisconexus_9372tx-eMatch-
OR
cisconexus_9396pxMatch-
OR
cisconexus_9396txMatch-
OR
cisconexus_9508Match-
CPENameOperatorVersion
cisco:nx-oscisco nx-oseq-

CNA Affected

[
  {
    "product": "Cisco NX-OS Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Related

cisco 1
nessus 2
prion 1
cvelist 1
cnvd 1
nvd 1
cisco
cisco
Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability
2021-08-25 16:00:00
nessus
nessus
Cisco NX-OS Software VXLAN OAM Denial of Service (CVE-2021-1587)
2024-01-04 00:00:00
Cisco NX-OS Software VXLAN OAM DoS (cisco-sa-nxos-ngoam-dos-LTDb9Hv)
2021-08-27 00:00:00
prion
prion
Design/Logic Flaw
2021-08-25 20:15:00
cvelist
cvelist
CVE-2021-1587 Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability
2021-08-25 00:00:00
cnvd
cnvd
Cisco NX-OS Software Denial of Service Vulnerability (CNVD-2021-68721)
2021-08-26 00:00:00
nvd
nvd
CVE-2021-1587
2021-08-25 20:15:11

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.3 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.6%

JSON
Related for CVE-2021-1587
cisco1nessus2prion1cvelist1cnvd1nvd1