fkie_cve-2021-1523
Vulnerability from fkie_nvd
Published
2021-08-25 19:15
Modified
2024-11-21 05:44
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in one or more leaf switches being removed from the fabric. This vulnerability is due to mishandling of ingress TCP traffic to a specific port. An attacker could exploit this vulnerability by sending a stream of TCP packets to a specific port on a Switched Virtual Interface (SVI) configured on the device. A successful exploit could allow the attacker to cause a specific packet queue to queue network buffers but never process them, leading to an eventual queue wedge. This could cause control plane traffic to be dropped, resulting in a denial of service (DoS) condition where the leaf switches are unavailable. Note: This vulnerability requires a manual intervention to power-cycle the device to recover.
References
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-queue-wedge-cLDDEfKFVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-queue-wedge-cLDDEfKFVendor Advisory
Impacted products
Vendor Product Version
cisco nx-os 13.2\(3n\)
cisco nx-os 14.2\(4i\)
cisco nexus_93120tx -
cisco nexus_93128tx -
cisco nexus_9332pq -
cisco nexus_9372px -
cisco nexus_9372px-e -
cisco nexus_9372tx -
cisco nexus_9372tx-e -
cisco nexus_9396px -
cisco nexus_9396tx -


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:13.2\\(3n\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "CEBC0A74-551B-4BD1-A59A-80C119362D60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx-os:14.2\\(4i\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9563DBDC-D2C0-4C7C-A246-EC95DC4581CA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "07DE6F63-2C7D-415B-8C34-01EC05C062F3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F423E45D-A6DD-4305-9C6A-EAB26293E53A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "113772B6-E9D2-4094-9468-3F4E1A87D07D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4364ADB9-8162-451D-806A-B98924E6B2CF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B53BCB42-ED61-4FCF-8068-CB467631C63C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "49E0371B-FDE2-473C-AA59-47E1269D050F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "489D11EC-5A18-4F32-BC7C-AC1FCEC27222",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BC5293E-F2B4-46DC-85DA-167EA323FCFD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA022E77-6557-4A33-9A3A-D028E2DB669A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, which could result in critical control plane traffic to the device being dropped. This could result in one or more leaf switches being removed from the fabric. This vulnerability is due to mishandling of ingress TCP traffic to a specific port. An attacker could exploit this vulnerability by sending a stream of TCP packets to a specific port on a Switched Virtual Interface (SVI) configured on the device. A successful exploit could allow the attacker to cause a specific packet queue to queue network buffers but never process them, leading to an eventual queue wedge. This could cause control plane traffic to be dropped, resulting in a denial of service (DoS) condition where the leaf switches are unavailable. Note: This vulnerability requires a manual intervention to power-cycle the device to recover.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en Cisco Nexus 9000 Series Fabric Switches en el Modo Application Centric Infrastructure (ACI), podría permitir a un atacante remoto no autenticado causar un acuñamiento de queues en un switch de hoja, que podría resultar en una caída del tráfico crítico del plano de control en el dispositivo. Esto podría dar lugar a que uno o más switches de hoja sean eliminados de la estructura. Esta vulnerabilidad es debido a un manejo inapropiado del tráfico TCP de entrada a un puerto específico. Un atacante podría explotar esta vulnerabilidad mediante el envío de un flujo de paquetes TCP a un puerto específico en una Switched Virtual Interface configurada en el dispositivo. Una explotación con éxito podría permitir al atacante causar que una queue de paquetes específica ponga en queue los búferes de red pero nunca los procese, conllevando a un eventual acuñamiento de queues. Esto podría causar que el tráfico del plano de control se caiga, resultando en una condición de denegación de servicio (DoS) donde los switches de la hoja no están disponibles. Nota: Esta vulnerabilidad requiere una intervención manual para apagar el dispositivo y recuperarlo.",
      },
   ],
   id: "CVE-2021-1523",
   lastModified: "2024-11-21T05:44:32.577",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-08-25T19:15:07.217",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-queue-wedge-cLDDEfKF",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n9kaci-queue-wedge-cLDDEfKF",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-772",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-772",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.