CVE-2021-1622 : A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Ro

A vulnerability in the Common Open Policy Service (COPS) of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause resource exhaustion, resulting in a denial of service (DoS) condition. This vulnerability is due to a deadlock condition in the code when processing COPS packets under certain conditions. An attacker could exploit this vulnerability by sending COPS packets with high burst rates to an affected device. A successful exploit could allow the attacker to cause the CPU to consume excessive resources, which prevents other control plane processes from obtaining resources and results in a DoS.

Published 2021-09-23 03:15:13

Updated 2021-11-23 13:10:46

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2021-1622

Probability of exploitation activity in the next 30 days: 0.14%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 48 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-1622

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
8.6	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H	3.9	4.0	Cisco Systems, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High
8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H	3.9	4.0	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-1622

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Assigned by: nvd@nist.gov (Primary)
CWE-833 Deadlock

The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.

Assigned by: ykramarz@cisco.com (Secondary)

References for CVE-2021-1622

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbr8-cops-Vc2ZsJSx

Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers Common Open Policy Service Denial of Service Vulnerability
Patch;Vendor Advisory

Products affected by CVE-2021-1622

Cisco » Ios Xe
Versions before (<) 16.12.1z1
cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » 7600 Router » Version: N/A
When used together with: Cisco » Asr 901-12c-f-d » Version: N/A
When used together with: Cisco » Asr 901-12c-ft-d » Version: N/A
When used together with: Cisco » Asr 901-4c-f-d » Version: N/A
When used together with: Cisco » Asr 901-4c-ft-d » Version: N/A
When used together with: Cisco » Asr 901-6cz-f-a » Version: N/A
When used together with: Cisco » Asr 901-6cz-f-d » Version: N/A
When used together with: Cisco » Asr 901-6cz-fs-a » Version: N/A
When used together with: Cisco » Asr 901-6cz-fs-d » Version: N/A
When used together with: Cisco » Asr 901-6cz-ft-a » Version: N/A
When used together with: Cisco » Asr 901-6cz-ft-d » Version: N/A
When used together with: Cisco » Cbr-8 » Version: N/A
Cisco » Ios Xe » Version: 17.3.1x
cpe:2.3:o:cisco:ios_xe:17.3.1x:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » 7600 Router » Version: N/A
When used together with: Cisco » Asr 901-12c-f-d » Version: N/A
When used together with: Cisco » Asr 901-12c-ft-d » Version: N/A
When used together with: Cisco » Asr 901-4c-f-d » Version: N/A
When used together with: Cisco » Asr 901-4c-ft-d » Version: N/A
When used together with: Cisco » Asr 901-6cz-f-a » Version: N/A
When used together with: Cisco » Asr 901-6cz-f-d » Version: N/A
When used together with: Cisco » Asr 901-6cz-fs-a » Version: N/A
When used together with: Cisco » Asr 901-6cz-fs-d » Version: N/A
When used together with: Cisco » Asr 901-6cz-ft-a » Version: N/A
When used together with: Cisco » Asr 901-6cz-ft-d » Version: N/A
When used together with: Cisco » Cbr-8 » Version: N/A

Vulnerability Details : CVE-2021-1622

Exploit prediction scoring system (EPSS) score for CVE-2021-1622

CVSS scores for CVE-2021-1622

CWE ids for CVE-2021-1622

References for CVE-2021-1622

Products affected by CVE-2021-1622