製品・ソフトウェアに関する情報

Vulnerability Search

ベンダー検索

Product/Service Search

JVN Vulnerability Search Top

->

JVN脆弱性詳細

Cisco IOS XR ソフトウェアにおける期待した規則への不十分な順守に関する脆弱性

Title	Cisco IOS XR ソフトウェアにおける期待した規則への不十分な順守に関する脆弱性
Summary	Cisco IOS XR ソフトウェアには、期待した規則への不十分な順守に関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 3, 2021, midnight
Registration Date	Oct. 18, 2021, 5:03 p.m.
Last Update	Oct. 18, 2021, 5:03 p.m.

CVSS3.0 : 警告
Score	6.5
Vector	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2.0 : 注意
Score	3.3
Vector	AV:A/AC:L/Au:N/C:N/I:N/A:P

Affected System

シスコシステムズ

Cisco IOS XR

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-1268	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1268
National Vulnerability Database (NVD)
2	CVE-2021-1268	https://nvd.nist.gov/vuln/detail/CVE-2021-1268

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-1076	https://cwe.mitre.org/data/definitions/1076.html

ベンダー情報

No	Name	URL
Cisco Security Advisory
1	cisco-sa-xripv6-spJem78K	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K

Change Log

No	Changed Details	Date of change
1	[2021年10月18日] 掲載	Oct. 18, 2021, 5:03 p.m.

NVD Vulnerability Information

CVE-2021-1268

Summary	A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition.
Publication Date	Feb. 5, 2021, 2:15 a.m.
Registration Date	Feb. 5, 2021, 10:01 a.m.
Last Update	Nov. 21, 2024, 2:43 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:cisco:ios_xr::::::::					6.7.3
cpe:2.3:o:cisco:ios_xr::::::::		7.1.0			7.1.3
cpe:2.3:o:cisco:ios_xr::::::::		7.2.0			7.2.2
cpe:2.3:o:cisco:ios_xr:7.3.0:::::::*
execution environment
1	cpe:2.3:h:cisco:ncs_1001:-:::::::*
2	cpe:2.3:h:cisco:ncs_1002:-:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K		Vendor Advisory
2	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xripv6-spJem78K		Vendor Advisory

Common Vulnerabilities List