Lucene search

K
vulnrichmentCiscoVULNRICHMENT:CVE-2021-1231
HistoryFeb 24, 2021 - 7:30 p.m.

CVE-2021-1231 Cisco Nexus 9000 Series Fabric Switches ACI Mode Link Layer Discovery Protocol Port Denial of Service Vulnerability

2021-02-2419:30:36
CWE-284
cisco
github.com
1
cisco
nexus 9000
fabric switches
aci
link layer discovery protocol
denial of service

CVSS3

4.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to incomplete validation of the source of a received LLDP packet. An attacker could exploit this vulnerability by sending a crafted LLDP packet on an SFP interface to an affected device. A successful exploit could allow the attacker to disable switching on the SFP interface, which could disrupt network traffic.

CVSS3

4.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2021-1231