1. Home
  2. CVE Database
  3. CVE-2021-1231
MEDIUM · 4.7

CVE-2021-1231

A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to ...

Vulnerability Description

A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to incomplete validation of the source of a received LLDP packet. An attacker could exploit this vulnerability by sending a crafted LLDP packet on an SFP interface to an affected device. A successful exploit could allow the attacker to disable switching on the SFP interface, which could disrupt network traffic.

CVSS Score

4.7

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
CiscoNx-Os11.0\(1b\)
CiscoNexus 9000V-
CiscoNexus 92160Yc-X-
CiscoNexus 92300Yc-
CiscoNexus 92304Qc-
CiscoNexus 92348Gc-X-
CiscoNexus 9236C-
CiscoNexus 9272Q-
CiscoNexus 93108Tc-Ex-
CiscoNexus 93108Tc-Ex-24-
CiscoNexus 93108Tc-Fx-
CiscoNexus 93108Tc-Fx-24-
CiscoNexus 93120Tx-
CiscoNexus 93128Tx-
CiscoNexus 9316D-Gx-
CiscoNexus 93180Lc-Ex-
CiscoNexus 93180Yc-Ex-
CiscoNexus 93180Yc-Ex-24-
CiscoNexus 93180Yc-Fx-
CiscoNexus 93180Yc-Fx-24-

Related Weaknesses (CWE)

CWE-346CWE-284

References

FAQ

What is CVE-2021-1231?

CVE-2021-1231 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to ...

How severe is CVE-2021-1231?

CVE-2021-1231 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-1231?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 9000V, Cisco Nexus 92160Yc-X, Cisco Nexus 92300Yc, Cisco Nexus 92304Qc.