CVE-2021-1285

CVSS 3.0 Score 7.4 of 10 (high)

Details

Published Nov 18, 2024
CWE ID 770

Summary

CVE-2021-1285 is a denial-of-service vulnerability affecting multiple Cisco products. The issue lies in the Ethernet Frame Decoder of the Snort detection engine, which mishandles error conditions when processing Ethernet frames. An unauthenticated, adjacent attacker can exploit this flaw by sending malicious Ethernet frames, leading to exhaustion of disk space on the affected device. Consequences include inaccessible administrator logins and potential inability to boot up the device. Recovery requires manual intervention through Cisco's Technical Assistance Center. Software updates have been released to mitigate the vulnerability. No workarounds are available.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share