CVE-2021-1621 HIGH

CVE-2021-1621: Cisco IOS XE Software Interface Queue Wedge Denial of Service Vulnerability

Vendor Cisco
Product Cisco IOS XE Software
Weakness CWE-399
Published September 23, 2021
Last update November 7, 2024

CVSS base score

7.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of certain Layer 2 frames. An attacker could exploit this vulnerability by sending specific Layer 2 frames on the segment the router is connected to. A successful exploit could allow the attacker to cause a queue wedge on the interface, resulting in a DoS condition.

Key dates

02Disclosure timeline

September 23, 2021 CVE published
November 7, 2024 Record updated