CVE-2021-1377 — MEDIUM (5.8)

Vulnerability Description

A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit this vulnerability by continuously sending traffic that results in incomplete ARP entries. A successful exploit could allow the attacker to cause ARP requests on the device to be unsuccessful for legitimate hosts, resulting in a denial of service (DoS) condition.

CVSS Score

5.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Cisco	Ios	12.2\(6\)i1
Cisco	Ios Xe	3.6.6e

Related Weaknesses (CWE)

CWE-399

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aVendor Advisory

FAQ

What is CVE-2021-1377?

CVE-2021-1377 is a vulnerability with a CVSS score of 5.8 (MEDIUM). A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resol...

How severe is CVE-2021-1377?

CVE-2021-1377 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-1377?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco Ios Xe.