CVE-2021-1268

A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:ios_xr::::::::
	cpe:2.3:o:cisco:ios_xr::::::::
	cpe:2.3:o:cisco:ios_xr::::::::
	cpe:2.3:o:cisco:ios_xr:7.3.0:::::::*

OR	cpe:2.3:h:cisco:ncs_1001:-:::::::*
	cpe:2.3:h:cisco:ncs_1002:-:::::::*

History

No history.

Information

Published : 2021-02-04 17:15

Updated : 2024-02-04 21:23

NVD link : CVE-2021-1268

Mitre link : CVE-2021-1268

CVE.ORG link : CVE-2021-1268

JSON object : View

Products Affected

cisco

ios_xr
ncs_1001
ncs_1002

CWE

CWE-1076

Insufficient Adherence to Expected Conventions

{"id": "CVE-2021-1268", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2021-02-04T17:15:14.967", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-1076"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition."}, {"lang": "es", "value": "Una vulnerabilidad en el manejo del protocolo IPv6 de las interfaces de administraci\u00f3n del Software Cisco IOS XR, podr\u00eda permitir a un atacante adyacente no autenticado causar una inundaci\u00f3n de IPv6 en la red de la interfaz de administraci\u00f3n de un dispositivo afectado. La vulnerabilidad se presenta porque el software reenv\u00eda incorrectamente paquetes IPv6 que contienen un destino de direcci\u00f3n de grupo de multidifusi\u00f3n local de nodo IPv6 y son recibidos en las interfaces de administraci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad al conectarse a la misma red que las interfaces de administraci\u00f3n e inyectando paquetes IPv6 que contienen un destino de direcci\u00f3n de grupo de multidifusi\u00f3n local de nodo IPv6. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar una inundaci\u00f3n de IPv6 en la red correspondiente. Dependiendo de la cantidad de nodos del Software Cisco IOS XR, en ese segmento de red, la explotaci\u00f3n podr\u00eda causar un tr\u00e1fico de red excesivo, resultando en una degradaci\u00f3n de la red o una condici\u00f3n de denegaci\u00f3n de servicio (DoS)"}], "lastModified": "2023-11-07T03:27:49.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51C3061D-B020-4F38-A0DE-67DDAAFC269E", "versionEndExcluding": "6.7.3"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "010C84AB-7633-4A88-8938-7158EFC1E01C", "versionEndExcluding": "7.1.3", "versionStartIncluding": "7.1.0"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EA0CDB4-13C5-48BC-B3F5-36F8E2BD8DA1", "versionEndExcluding": "7.2.2", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "323C8DEE-3009-4D8D-A63F-873D2432F3A4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298"}, {"criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}