CVE-2021-1440
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Summary
CVE-2021-1440 is a vulnerability affecting the RPKI feature in Cisco IOS XR Software. It allows unauthenticated, remote attackers to cause a denial of service (DoS) condition by exploiting the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. The attacker could either compromise the RPKI validator server and send a malicious RTR packet or use man-in-the-middle techniques to impersonate the server and send a crafted RTR response packet. Consequences include constant BGP process restarts and unstable routing. Cisco has released software updates to fix this vulnerability, and no workarounds are available. This advisory is included in the September 2021 Cisco IOS XR Software Security Advisory Bundled Publication.
Affected Products
- Cisco IOS
Affected Vendors
- Cisco Systems Inc