Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-1588— Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability

CVSS 8.6 · High EPSS 1.03% · P77
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-1588

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected device is processing an MPLS echo-request or echo-reply packet. An attacker could exploit this vulnerability by sending malicious MPLS echo-request or echo-reply packets to an interface that is enabled for MPLS forwarding on the affected device. A successful exploit could allow the attacker to cause the MPLS OAM process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
缓冲区上溢读取
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco NX-OS Software 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco NX-OS Software是美国思科(Cisco)公司的一套交换机使用的数据中心级操作系统软件。 Cisco NX-OS Software 存在安全漏洞,攻击者利用该漏洞导致受影响设备拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CiscoCisco NX-OS Software n/a -

II. Public POCs for CVE-2021-1588

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-1588

登录查看更多情报信息。

Same Patch Batch · Cisco · 2021-08-25 · 15 CVEs total

CVE-2021-15779.1 CRITICALCisco Application Policy Infrastructure Controller Arbitrary File Read and Write Vulnerabi
CVE-2021-15788.8 HIGHCisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability
CVE-2021-15878.6 HIGHCisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability
CVE-2021-15868.6 HIGHCisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Se
CVE-2021-15238.6 HIGHCisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial of Service Vulnerabili
CVE-2021-15798.1 HIGHCisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability
CVE-2021-15816.5 MEDIUMCisco Application Policy Infrastructure Controller Command Injection and File Upload Vulne
CVE-2021-15806.5 MEDIUMCisco Application Policy Infrastructure Controller Command Injection and File Upload Vulne
CVE-2021-15846.0 MEDIUMCisco Nexus 9000 Series Fabric Switches ACI Mode Privilege Escalation Vulnerability
CVE-2021-15915.8 MEDIUMCisco Nexus 9500 Series Switches Access Control List Bypass Vulnerability
CVE-2021-15825.4 MEDIUMCisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerabili
CVE-2021-15905.3 MEDIUMCisco NX-OS Software system login block-for Denial of Service Vulnerability
CVE-2021-15834.4 MEDIUMCisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read Vulnerability
CVE-2021-15924.3 MEDIUMCisco UCS Manager Software SSH Sessions Denial of Service Vulnerability

IV. Related Vulnerabilities

Same product: Cisco NX-OS Software
Same vendor: Cisco
Same weakness: CWE-126

V. Comments for CVE-2021-1588

No comments yet

Leave a comment