CVE-2021-1433: Cisco IOS XE SD-WAN Software vDaemon Buffer Overflow Vulnerability
First published: Wed Mar 24 2021(Updated: )
A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when the device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. The attacker must have a man-in-the-middle position between Cisco vManage and an associated device that is running an affected version of Cisco IOS XE SD-WAN Software. An exploit could allow the attacker to conduct a controllable buffer overflow attack (and possibly execute arbitrary commands as the root user) or cause a device reload, resulting in a denial of service (DoS) condition.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE | =3.15.1xbs | |
| Cisco IOS XE | =3.15.2xbs | |
| Cisco IOS XE | =16.12.1 | |
| Cisco IOS XE | =16.12.1a | |
| Cisco IOS XE | =16.12.1c | |
| Cisco IOS XE | =16.12.1s | |
| Cisco IOS XE | =16.12.1t | |
| Cisco IOS XE | =16.12.1w | |
| Cisco IOS XE | =16.12.1x | |
| Cisco IOS XE | =16.12.1y | |
| Cisco IOS XE | =16.12.1z | |
| Cisco IOS XE | =16.12.1za | |
| Cisco IOS XE | =16.12.2 | |
| Cisco IOS XE | =16.12.2a | |
| Cisco IOS XE | =16.12.2s | |
| Cisco IOS XE | =16.12.2t | |
| Cisco IOS XE | =16.12.3 | |
| Cisco IOS XE | =16.12.3a | |
| Cisco IOS XE | =16.12.3s | |
| Cisco IOS XE | =17.2.1 | |
| Cisco IOS XE | =17.2.1a | |
| Cisco IOS XE | =17.2.1r | |
| Cisco IOS XE | =17.2.1v |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-1433?
CVE-2021-1433 has been classified as a high severity vulnerability due to its potential impact on affected systems.
How do I fix CVE-2021-1433?
To fix CVE-2021-1433, you should apply the appropriate software updates or patches provided by Cisco for the affected IOS XE versions.
Which versions of Cisco IOS XE are affected by CVE-2021-1433?
CVE-2021-1433 affects multiple versions of Cisco IOS XE, including 3.15.1xbs, 3.15.2xbs, and various releases from 16.12.x and 17.2.x series.
What type of attack can be executed using CVE-2021-1433?
CVE-2021-1433 allows an unauthenticated, remote attacker to execute a buffer overflow attack on the affected device.
What does the buffer overflow vulnerability in CVE-2021-1433 mean?
The buffer overflow vulnerability in CVE-2021-1433 means that an attacker can manipulate memory allocation, potentially leading to system crashes or unauthorized access.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/title
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/cisco
- canonical/cisco ios xe
- version/cisco ios xe/3.15.1xbs
- version/cisco ios xe/3.15.2xbs
- version/cisco ios xe/16.12.1
- version/cisco ios xe/16.12.1a
- version/cisco ios xe/16.12.1c
- version/cisco ios xe/16.12.1s
- version/cisco ios xe/16.12.1t
- version/cisco ios xe/16.12.1w
- version/cisco ios xe/16.12.1x
- version/cisco ios xe/16.12.1y
- version/cisco ios xe/16.12.1z
- version/cisco ios xe/16.12.1za
- version/cisco ios xe/16.12.2
- version/cisco ios xe/16.12.2a
- version/cisco ios xe/16.12.2s
- version/cisco ios xe/16.12.2t
- version/cisco ios xe/16.12.3
- version/cisco ios xe/16.12.3a
- version/cisco ios xe/16.12.3s
- version/cisco ios xe/17.2.1
- version/cisco ios xe/17.2.1a
- version/cisco ios xe/17.2.1r
- version/cisco ios xe/17.2.1v