1. Home
  2. CVE Database
  3. CVE-2021-1367
MEDIUM · 4.3

CVE-2021-1367

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affecte...

Vulnerability Description

A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an affected device. A successful exploit could allow the attacker to cause a traffic loop, resulting in a DoS condition.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
CiscoNx-Os9.3\(5\)
CiscoNexus 9000V Switch-
CiscoNexus 92160Yc-X Switch-
CiscoNexus 92300Yc Switch-
CiscoNexus 92304Qc Switch-
CiscoNexus 92348Gc-X Switch-
CiscoNexus 9236C Switch-
CiscoNexus 9272Q Switch-
CiscoNexus 93108Tc-Ex-24 Switch-
CiscoNexus 93108Tc-Ex Switch-
CiscoNexus 93108Tc-Fx-24-
CiscoNexus 93108Tc-Fx Switch-
CiscoNexus 93120Tx-
CiscoNexus 93128Tx-
CiscoNexus 9316D-Gx-
CiscoNexus 93180Lc-Ex-
CiscoNexus 93180Yc-Ex-
CiscoNexus 93180Yc-Ex-24-
CiscoNexus 93180Yc-Fx-
CiscoNexus 93180Yc-Fx-24-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2021-1367?

CVE-2021-1367 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affecte...

How severe is CVE-2021-1367?

CVE-2021-1367 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-1367?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 9000V Switch, Cisco Nexus 92160Yc-X Switch, Cisco Nexus 92300Yc Switch, Cisco Nexus 92304Qc Switch.