CVE-2021-1440

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Nov 18, 2024
Updated: Nov 21, 2024
CWE ID 617

Summary

CVE-2021-1440 is a vulnerability affecting the RPKI feature in Cisco IOS XR Software. It allows unauthenticated, remote attackers to cause a denial of service (DoS) condition by exploiting the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. The attacker could either compromise the RPKI validator server and send a malicious RTR packet or use man-in-the-middle techniques to impersonate the server and send a crafted RTR response packet. Consequences include constant BGP process restarts and unstable routing. Cisco has released software updates to fix this vulnerability, and no workarounds are available. This advisory is included in the September 2021 Cisco IOS XR Software Security Advisory Bundled Publication.


Affected Products

  • Cisco IOS

Affected Vendors

  • Cisco Systems Inc