CVE-2021-1356 MEDIUM

CVE-2021-1356: Cisco IOS XE Software Web UI Denial of Service Vulnerabilities

Vendor Cisco
Product Cisco IOS XE Software
Weakness CWE-20 · Input validation
Published March 24, 2021
Last update November 8, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection.

Key dates

02Disclosure timeline

March 24, 2021 CVE published
November 8, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-34009 moodle: ReCAPTCHA can be bypassed on the login page CVE-2025-55301 The Scratch Channel Allows Username Modification CVE-2021-37692 Segfault on strings tensors with mistmatched dimensions in TensorFlow CVE-2024-41114 Remote code execution in streamlit geospatial in pages/1_📷_Timelapse.py MODIS Gap filled Land Surface Temperature Daily option CVE-2026-44658 Zen Browser: RSS Live-Folder Item URLs Are Not Scheme-Restricted Before Trusted Tab Creation