Vulnerability Description
A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper initialization of a buffer. An attacker could exploit this vulnerability via any of the following methods: An authenticated, remote attacker could access the LLDP neighbor table via either the CLI or SNMP while the device is in a specific state. An unauthenticated, adjacent attacker could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then waiting for an administrator of the device or a network management system (NMS) managing the device to retrieve the LLDP neighbor table of the device via either the CLI or SNMP. An authenticated, adjacent attacker with SNMP read-only credentials or low privileges on the device CLI could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then accessing the LLDP neighbor table via either the CLI or SNMP. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a reload of the device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | <= 16.12.3 |
| Cisco | Ios Xe | <= 16.12.3 |
| Cisco | 1000 Integrated Services Router | - |
| Cisco | 1100-4G\/6G Integrated Services Router | - |
| Cisco | 1100-4P Integrated Services Router | - |
| Cisco | 1100-8P Integrated Services Router | - |
| Cisco | 1100 Integrated Services Router | - |
| Cisco | 1101-4P Integrated Services Router | - |
| Cisco | 1101 Integrated Services Router | - |
| Cisco | 1109-2P Integrated Services Router | - |
| Cisco | 1109-4P Integrated Services Router | - |
| Cisco | 1109 Integrated Services Router | - |
| Cisco | 1111X-8P Integrated Services Router | - |
| Cisco | 1111X Integrated Services Router | - |
| Cisco | 111X Integrated Services Router | - |
| Cisco | 1120 Integrated Services Router | - |
| Cisco | 1160 Integrated Services Router | - |
| Cisco | 4000 Integrated Services Router | - |
| Cisco | 4221 Integrated Services Router | - |
| Cisco | 4321 Integrated Services Router | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lVendor Advisory
FAQ
What is CVE-2021-34703?
CVE-2021-34703 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting ...
How severe is CVE-2021-34703?
CVE-2021-34703 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34703?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco Ios Xe, Cisco 1000 Integrated Services Router, Cisco 1100-4G\/6G Integrated Services Router, Cisco 1100-4P Integrated Services Router.