CVE-2021-1352

HIGH

Cisco Ios XE - Denial of Service

Title source: rule

Description

A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-decnet-dos-cuPWDkyL

Scores

CVSS v3 7.4

EPSS 0.0007

EPSS Percentile 22.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-119 CWE-823

Status published

Products (50)

cisco/ios_xe 16.4.1

cisco/ios_xe 16.4.2

cisco/ios_xe 16.4.3

cisco/ios_xe 16.5.1

cisco/ios_xe 16.5.1a

cisco/ios_xe 16.5.1b

cisco/ios_xe 16.5.2

cisco/ios_xe 16.5.3

cisco/ios_xe 16.6.1

cisco/ios_xe 16.6.2

... and 40 more

Published Mar 24, 2021

Tracked Since Feb 18, 2026