Detections
Analytics

Cisco Multiple Operating Systems Unidirectional Link Detection Denial of Service (CVE-2021-34714)

high Tenable OT Security Plugin ID 501358

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?bec5ced8

Plugin Details

Severity: High

ID: 501358

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 7/25/2023

Updated: 10/19/2023

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5.7

Temporal Score: 4.2

Vector: CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2021-34714

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.4

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:nx-os:3, cpe:/o:cisco:nx-os:7, cpe:/o:cisco:nx-os:8

Required KB Items: Tenable.ot/Cisco

Exploit Ease: No known exploits are available

Patch Publication Date: 9/23/2021

Vulnerability Publication Date: 9/23/2021

Reference Information

CVE: CVE-2021-34714

CWE: 20