Lucene search

[email protected]CVE-2021-1590

HistoryAug 25, 2021 - 8:15 p.m.

CVE-2021-1590

2021-08-2520:15:11

CWE-787

[email protected]

web.nvd.nist.gov

cve-2021-1590

cisco

nx-os

software

vulnerability

remote attacker

brute-force attack

denial of service

dos

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.5%

JSON

A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the implementation of the system login block-for command when an attack is detected and acted upon. An attacker could exploit this vulnerability by performing a brute-force login attack on an affected device. A successful exploit could allow the attacker to cause a login process to reload, which could result in a delay during authentication to the affected device.

Affected configurations

NVD

Node

cisconx-osMatch7.0\(3\)i4\(0.116\)

cisconx-osMatch7.3\(7\)n1\(1b\)

AND

cisconexus_3000Match-

cisconexus_3048Match-

cisconexus_31108pc-vMatch-

cisconexus_31108tc-vMatch-

cisconexus_31128pqMatch-

cisconexus_3132c-zMatch-

cisconexus_3132q-vMatch-

cisconexus_3132q-x\/3132q-xlMatch-

cisconexus_3164qMatch-

cisconexus_3172pq\/pq-xlMatch-

cisconexus_3172tq-xlMatch-

cisconexus_3232cMatch-

cisconexus_3264c-eMatch-

cisconexus_3264qMatch-

cisconexus_3408-sMatch-

cisconexus_34180ycMatch-

cisconexus_3432d-sMatch-

cisconexus_3464cMatch-

cisconexus_3524-x\/xlMatch-

cisconexus_3548-x\/xlMatch-

cisconexus_36180yc-rMatch-

cisconexus_3636c-rMatch-

cisconexus_5548pMatch-

cisconexus_5548upMatch-

cisconexus_5596tMatch-

cisconexus_5596upMatch-

cisconexus_56128pMatch-

cisconexus_5624qMatch-

cisconexus_5648qMatch-

cisconexus_5672upMatch-

cisconexus_5672up-16gMatch-

cisconexus_5696qMatch-

cisconexus_6001Match-

cisconexus_6004Match-

cisconexus_7000_10-slotMatch-

cisconexus_7000_18-slotMatch-

cisconexus_7000_4-slotMatch-

cisconexus_7000_9-slotMatch-

cisconexus_7000_supervisor_1Match-

cisconexus_7000_supervisor_2Match-

cisconexus_7000_supervisor_2eMatch-

cisconexus_7004Match-

cisconexus_7009Match-

cisconexus_7010Match-

cisconexus_7018Match-

cisconexus_7700Match-

cisconexus_7700_10-slotMatch-

cisconexus_7700_18-slotMatch-

cisconexus_7700_2-slotMatch-

cisconexus_7700_6-slotMatch-

cisconexus_7700_supervisor_2eMatch-

cisconexus_7700_supervisor_3eMatch-

cisconexus_7702Match-

cisconexus_7706Match-

cisconexus_7710Match-

cisconexus_7718Match-

cisconexus_9000vMatch-

cisconexus_92160yc-xMatch-

cisconexus_92300ycMatch-

cisconexus_92304qcMatch-

cisconexus_92348gc-xMatch-

cisconexus_9236cMatch-

cisconexus_9272qMatch-

cisconexus_93108tc-exMatch-

cisconexus_93108tc-ex-24Match-

cisconexus_93108tc-fxMatch-

cisconexus_93108tc-fx-24Match-

cisconexus_93108tc-fx3pMatch-

cisconexus_93120txMatch-

cisconexus_93128txMatch-

cisconexus_9316d-gxMatch-

cisconexus_93180lc-exMatch-

cisconexus_93180yc-exMatch-

cisconexus_93180yc-ex-24Match-

cisconexus_93180yc-fxMatch-

cisconexus_93180yc-fx-24Match-

cisconexus_93180yc-fx3Match-

cisconexus_93180yc-fx3sMatch-

cisconexus_93216tc-fx2Match-

cisconexus_93240yc-fx2Match-

cisconexus_9332cMatch-

cisconexus_9332pqMatch-

cisconexus_93360yc-fx2Match-

cisconexus_9336c-fx2Match-

cisconexus_9336c-fx2-eMatch-

cisconexus_9348gc-fxpMatch-

cisconexus_93600cd-gxMatch-

cisconexus_9364cMatch-

cisconexus_9364c-gxMatch-

cisconexus_9372pxMatch-

cisconexus_9372px-eMatch-

cisconexus_9372txMatch-

cisconexus_9372tx-eMatch-

cisconexus_9396pxMatch-

cisconexus_9396txMatch-

cisconexus_9508Match-

Node

ciscounified_computing_systemRange<4.0\(4m\)

ciscounified_computing_systemRange4.1–4.1\(3d\)

AND

ciscounified_computing_system_6248upMatch-

ciscounified_computing_system_6296upMatch-

ciscounified_computing_system_6324Match-

ciscounified_computing_system_6332Match-

ciscounified_computing_system_6332-16upMatch-

CPENameOperatorVersion
cisco:nx-oscisco nx-oseq7.0\(3\)i4\(0.116\)
cisco:nx-oscisco nx-oseq7.3\(7\)n1\(1b\)

CPE	Name	Operator	Version
cisco:nx-os	cisco nx-os	eq	7.0\(3\)i4\(0.116\)
cisco:nx-os	cisco nx-os	eq	7.3\(7\)n1\(1b\)

CNA Affected

[
  {
    "product": "Cisco NX-OS Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-login-blockfor-RwjGVEcu

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.5%

JSON

Related for CVE-2021-1590

cvelist1 nessus2 cisco1 nvd1 cnvd1 prion1