Vulnerability Description
A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line cards are attached. A successful exploit could allow the attacker to cause the affected line card to reboot.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xr | >= 6.4, < 6.6.3 |
| Cisco | Asr 9000 | - |
| Cisco | Asr 9000V-V2 | - |
| Cisco | Asr 9001 | - |
| Cisco | Asr 9006 | - |
| Cisco | Asr 9010 | - |
| Cisco | Asr 9901 | - |
| Cisco | Asr 9902 | - |
| Cisco | Asr 9903 | - |
| Cisco | Asr 9904 | - |
| Cisco | Asr 9906 | - |
| Cisco | Asr 9910 | - |
| Cisco | Asr 9912 | - |
| Cisco | Asr 9922 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nVendor Advisory
FAQ
What is CVE-2021-34713?
CVE-2021-34713 is a vulnerability with a CVSS score of 7.4 (HIGH). A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected ...
How severe is CVE-2021-34713?
CVE-2021-34713 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34713?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xr, Cisco Asr 9000, Cisco Asr 9000V-V2, Cisco Asr 9001, Cisco Asr 9006.