CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
25.0%
A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | ios_xe | 16.3.1 | cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:* |
cisco | ios_xe | 16.6.5 | cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:* |
cisco | ios_xe | 16.7(1) | cpe:2.3:o:cisco:ios_xe:16.7\(1\):*:*:*:*:*:*:* |
cisco | ios_xe | 17.1.1 | cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:* |
cisco | 1000v | - | cpe:2.3:h:cisco:1000v:-:*:*:*:*:*:*:* |
cisco | 4321_integrated_services_router | - | cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:* |
cisco | 4331_integrated_services_router | - | cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:* |
cisco | 4351_integrated_services_router | - | cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:* |
cisco | 4431_integrated_services_router | - | cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:* |
cisco | asr_1000 | - | cpe:2.3:h:cisco:asr_1000:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
25.0%