Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-34703— Cisco IOS and IOS XE Software Link Layer Discovery Protocol Denial of Service Vulnerability

CVSS 6.8 · Medium EPSS 0.24% · P47
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-34703

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco IOS and IOS XE Software Link Layer Discovery Protocol Denial of Service Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper initialization of a buffer. An attacker could exploit this vulnerability via any of the following methods: An authenticated, remote attacker could access the LLDP neighbor table via either the CLI or SNMP while the device is in a specific state. An unauthenticated, adjacent attacker could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then waiting for an administrator of the device or a network management system (NMS) managing the device to retrieve the LLDP neighbor table of the device via either the CLI or SNMP. An authenticated, adjacent attacker with SNMP read-only credentials or low privileges on the device CLI could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then accessing the LLDP neighbor table via either the CLI or SNMP. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a reload of the device.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
变量未经初始化
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco IOS XE Software 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco IOS XE Software是美国思科(Cisco)公司的一个操作系统。用于企业有线和无线访问,汇聚,核心和WAN的单一操作系统,Cisco IOS XE降低了业务和网络的复杂性。 Cisco IOS XE Software 存在安全漏洞,该漏洞源于软件的链路层发现协议(LLDP)消息解析器的的缓冲区初始化不当,漏洞可能允许攻击者触发受影响设备的重新加载,从而导致拒绝服务(DoS)攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CiscoCisco IOS n/a -

II. Public POCs for CVE-2021-34703

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-34703

登录查看更多情报信息。

Same Patch Batch · Cisco · 2021-09-23 · 33 CVEs total

CVE-2021-3477010.0 CRITICALCisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Exe
CVE-2021-16199.8 CRITICALCisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability
CVE-2021-347279.8 CRITICALCisco IOS XE SD-WAN Software Buffer Overflow Vulnerability
CVE-2021-16248.6 HIGHCisco IOS XE Software Rate Limiting Network Address Translation Denial of Service Vulnerab
CVE-2021-16228.6 HIGHCisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Common Open Policy Servi
CVE-2021-16158.6 HIGHCisco Embedded Wireless Controller Software for Catalyst Access Points Denial of Service V
CVE-2021-16118.6 HIGHCisco IOS XE Software for Catalyst 9800 Series Wireless Controllers EoGRE Denial of Servic
CVE-2021-15658.6 HIGHCisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Servi
CVE-2021-347698.6 HIGHCisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Servi
CVE-2021-347688.6 HIGHCisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Servi
CVE-2021-14197.8 HIGHCisco Access Points SSH Management Privilege Escalation Vulnerability
CVE-2021-16237.7 HIGHCisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Simple Network Managemen
CVE-2021-16207.7 HIGHCisco IOS and IOS XE Software IKEv2 AutoReconnect Feature Denial of Service Vulnerability
CVE-2021-346997.7 HIGHCisco IOS and IOS XE Software TrustSec CLI Parser Denial of Service Vulnerability
CVE-2021-16217.4 HIGHCisco IOS XE Software Interface Queue Wedge Denial of Service Vulnerability
CVE-2021-347677.4 HIGHCisco IOS XE Software for Catalyst 9800 Series Wireless Controllers IPv6 Denial of Service
CVE-2021-347407.4 HIGHCisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vul
CVE-2021-347147.4 HIGHMultiple Cisco Operating Systems Unidirectional Link Detection Denial of Service Vulnerabi
CVE-2021-347296.7 MEDIUMCisco IOS XE SD-WAN Software Command Injection Vulnerability
CVE-2021-347256.7 MEDIUMCisco IOS XE SD-WAN Software Command Injection Vulnerability

Showing top 20 of 33 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Cisco IOS
Same vendor: Cisco
Same weakness: CWE-456

V. Comments for CVE-2021-34703

No comments yet

Leave a comment