Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-1625
HistorySep 23, 2021 - 3:15 a.m.

CVE-2021-1625

2021-09-2303:15:13
CWE-284
[email protected]
web.nvd.nist.gov
31
cisco
ios xe
zone-based policy firewall
vulnerability
remote attacker
traffic classification

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.9%

JSON

A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying traffic. This vulnerability exists because ICMP and UDP responder-to-initiator flows are not inspected when the Zone-Based Policy Firewall has either Unified Threat Defense (UTD) or Application Quality of Experience (AppQoE) configured. An attacker could exploit this vulnerability by attempting to send UDP or ICMP flows through the network. A successful exploit could allow the attacker to inject traffic through the Zone-Based Policy Firewall, resulting in traffic being dropped because it is incorrectly classified or in incorrect reporting figures being produced by high-speed logging (HSL).

Affected configurations

NVD
Node
ciscoios_xeRange<17.3.2
CPENameOperatorVersion
cisco:ios_xecisco ios xelt17.3.2

CNA Affected

[
  {
    "product": "Cisco IOS XE Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Related

cnvd 1
nessus 1
nvd 1
prion 1
cvelist 1
cisco 1
cnvd
cnvd
Cisco IOS XE Software Access Control Error Vulnerability (CNVD-2021-80664)
2021-09-24 00:00:00
nessus
nessus
Cisco IOS XE Software Zone Based Policy Firewall ICMP UDP Inspection (cisco-sa-zbfw-pP9jfzwL)
2021-09-27 00:00:00
nvd
nvd
CVE-2021-1625
2021-09-23 03:15:13
prion
prion
Design/Logic Flaw
2021-09-23 03:15:00
cvelist
cvelist
CVE-2021-1625 Cisco IOS XE Software Zone-Based Policy Firewall ICMP and UDP Inspection Vulnerability
2021-09-22 00:00:00
cisco
cisco
Cisco IOS XE Software Zone-Based Policy Firewall ICMP and UDP Inspection Vulnerability
2021-09-22 16:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.9%

JSON
Related for CVE-2021-1625
cnvd1nessus1nvd1prion1cvelist1cisco1