Vulnerabilities > CVE-2021-34713 - Unspecified vulnerability in Cisco IOS XR

CVSS 7.4 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

low complexity

cisco

NVD

Published: 2021-09-09

Updated: 2023-11-07

Summary

A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected line card to reboot. This vulnerability is due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An attacker could exploit this vulnerability by sending specific types of Ethernet frames on the segment where the affected line cards are attached. A successful exploit could allow the attacker to cause the affected line card to reboot.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS XR 6.4.0 Cisco IOS XR 6.4.1 Cisco IOS XR 6.4.1_Base Cisco IOS XR 6.4.2 Cisco IOS XR 6.4.3 Cisco IOS XR 6.5.0 Cisco IOS XR 6.5.1 Cisco IOS XR 6.5.2 Cisco IOS XR 6.5.3 Cisco IOS XR 6.5.29 Cisco IOS XR 6.6.0 Cisco IOS XR 6.6.1 Cisco IOS XR 6.6.2 Cisco IOS XR * Cisco IOS XR 7.0.0 Cisco IOS XR 7.0.1 Cisco IOS XR 7.1.0	24
Hardware	Cisco Cisco ASR 9000 - Cisco ASR 9000V V2 - Cisco ASR 9001 - Cisco ASR 9006 - Cisco ASR 9010 - Cisco ASR 9901 - Cisco ASR 9902 - Cisco ASR 9903 - Cisco ASR 9904 - Cisco ASR 9906 - Cisco ASR 9910 - Cisco ASR 9912 - Cisco ASR 9922 -	13

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-npspin-QYpwdhFD