Vulnslist

find the latest Cisco vulnerabilities

Cisco IOS XR Software IP Service Level Agreements and Two-Way Active Measurement Protocol Denial of Service Vulnerability

cisco-sa-ipsla-ZA3SRrpP · High · Published · Updated

A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP This advisory is part of the September 2021 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2021 Cisco IOS XR Software Security Advisory Bundled Publication.

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability. However, administrators may choose to do the following as a mitigation:

If IP SLA responder is configured with a key chain and a key-string password, then only authenticated attackers can exploit this vulnerability. To enable authentication on the IP SLA responder, use the show running-config ipsla and the show run key chain commands, as shown in the following example:

RP/0/RP0/CPU0:IOSXR# show running-config ipsla
ipsla
key-chain 1
responder
!
!
RP/0/RP0/CPU0:IOSXR#
RP/0/RP0/CPU0:IOSXR#show run key chain
key chain 1
key 1
key-string password 060506324F41584B56
!
!

While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVEsCVE-2021-34720
Cisco Bug IDsCSCvw32825, CSCvw61840
CVSS ScoreBase 8.6
Base 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco IOS XR Software

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2021-34720 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2021-34720 Cisco OpenVuln
Cisco IOS Software CVE-2021-34720 Cisco OpenVuln
Cisco Catalyst PON Series Switches CVE-2021-34720 Cisco OpenVuln
Cisco IOS XR Software CVE-2021-34720 Cisco OpenVuln
Cisco IOS CVE-2021-34720 Cisco OpenVuln