CVE-2021-1285
CVSS 3.0 Score 7.4 of 10 (high)
Details
Summary
CVE-2021-1285 is a denial-of-service vulnerability affecting multiple Cisco products. The issue lies in the Ethernet Frame Decoder of the Snort detection engine, which mishandles error conditions when processing Ethernet frames. An unauthenticated, adjacent attacker can exploit this flaw by sending malicious Ethernet frames, leading to exhaustion of disk space on the affected device. Consequences include inaccessible administrator logins and potential inability to boot up the device. Recovery requires manual intervention through Cisco's Technical Assistance Center. Software updates have been released to mitigate the vulnerability. No workarounds are available.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.