CVE-2021-1377 MEDIUM

CVE-2021-1377: Cisco IOS and IOS XE Software ARP Resource Management Exhaustion Denial of Service Vulnerability

Vendor Cisco
Product Cisco IOS
Weakness CWE-399
Published March 24, 2021
Last update November 8, 2024

CVSS base score

5.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

What the vulnerability does

01 Description

A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit this vulnerability by continuously sending traffic that results in incomplete ARP entries. A successful exploit could allow the attacker to cause ARP requests on the device to be unsuccessful for legitimate hosts, resulting in a denial of service (DoS) condition.
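A monitoring check for the condition described above, added here as an example and not taken from Cisco's advisory: it counts incomplete ARP entries per connected subnet in `show ip arp` output, so a sustained build-up can be alerted on. The sample output is constructed, and the subnet list, the threshold, and the function names are assumptions to adapt per device.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the usual `show ip arp` column layout (not from a real device).
SAMPLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.1               -   0011.2233.4455  ARPA   GigabitEthernet0/0
Internet  192.0.2.10             12   0011.2233.4466  ARPA   GigabitEthernet0/0
Internet  192.0.2.50              0   Incomplete      ARPA
Internet  192.0.2.51              0   Incomplete      ARPA
Internet  192.0.2.52              0   Incomplete      ARPA
Internet  192.0.2.53              0   Incomplete      ARPA
Internet  198.51.100.1            -   0011.2233.4477  ARPA   GigabitEthernet0/1
Internet  198.51.100.77           0   Incomplete      ARPA
"""

# Protocol, IPv4 address, age, hardware address (or "Incomplete"), type.
ROW = re.compile(r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+ARPA")


def incomplete_by_subnet(text, subnets):
    """Count incomplete ARP entries per configured subnet.

    Incomplete rows carry no interface column, so entries are grouped by the
    connected subnet that contains the address.
    """
    nets = [ipaddress.ip_network(s) for s in subnets]
    counts = Counter()
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(3).lower() != "incomplete":
            continue  # header, blank line, or a resolved entry
        addr = ipaddress.ip_address(m.group(1))
        net = next((n for n in nets if addr in n), None)
        counts[str(net) if net else "unknown"] += 1
    return counts


def subnets_over_threshold(counts, threshold):
    """Return subnets whose incomplete-entry count is at or above threshold."""
    return sorted(net for net, c in counts.items() if c >= threshold)


if __name__ == "__main__":
    connected = ["192.0.2.0/24", "198.51.100.0/24"]  # assumed connected subnets
    counts = incomplete_by_subnet(SAMPLE, connected)
    print(dict(counts), subnets_over_threshold(counts, threshold=3))  # assumed threshold
```

A single high reading can also come from ordinary address scanning, so compare counts across successive polls rather than alerting on one sample.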

Key dates

02 Disclosure timeline

March 24, 2021 CVE published
November 8, 2024 Record updated