CVE-2021-1624: Cisco IOS XE Software Rate Limiting Network Address Translation Denial of Service Vulnerability
First published: Thu Sep 23 2021(Updated: )
A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to mishandling of the rate limiting feature within the QuantumFlow Processor. An attacker could exploit this vulnerability by sending large amounts of traffic that would be subject to NAT and rate limiting through an affected device. A successful exploit could allow the attacker to cause the QuantumFlow Processor utilization to reach 100 percent on the affected device, resulting in a DoS condition.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE | <=17.3.3 | |
| Cisco ASR 1000 | ||
| Cisco Asr 1000-esp100 | ||
| Cisco Asr 1000-x | ||
| Cisco Asr 1001 | ||
| Cisco Asr 1001-hx | ||
| Cisco Asr 1001-hx R | ||
| Cisco Asr 1001-x | ||
| Cisco Asr 1001-x R | ||
| Cisco Asr 1002 | ||
| Cisco Asr 1002-hx | ||
| Cisco Asr 1002-hx R | ||
| Cisco Asr 1002-x | ||
| Cisco Asr 1002-x R | ||
| Cisco Asr 1004 | ||
| Cisco Asr 1006 | ||
| Cisco Asr 1006-x | ||
| Cisco Asr 1009-x | ||
| Cisco Asr 1013 | ||
| Cisco Asr 1023 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Cisco IOS XE Software vulnerability?
The vulnerability ID of this Cisco IOS XE Software vulnerability is CVE-2021-1624.
What is the severity level of CVE-2021-1624?
The severity level of CVE-2021-1624 is high (8.6).
How does CVE-2021-1624 affect Cisco IOS XE Software?
CVE-2021-1624 can cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device, resulting in a denial of service (DoS) condition.
How can an attacker exploit CVE-2021-1624?
An unauthenticated, remote attacker can exploit CVE-2021-1624 to cause high CPU utilization in the Cisco QuantumFlow Processor of an affected device.
How can I fix CVE-2021-1624?
To fix CVE-2021-1624, it is recommended to apply the necessary software updates provided by Cisco.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/cisco
- canonical/cisco ios xe
- version/cisco ios xe/17.3.3
- canonical/cisco asr 1000
- canonical/cisco asr 1000-esp100
- canonical/cisco asr 1000-x
- canonical/cisco asr 1001
- canonical/cisco asr 1001-hx
- canonical/cisco asr 1001-hx r
- canonical/cisco asr 1001-x
- canonical/cisco asr 1001-x r
- canonical/cisco asr 1002
- canonical/cisco asr 1002-hx
- canonical/cisco asr 1002-hx r
- canonical/cisco asr 1002-x
- canonical/cisco asr 1002-x r
- canonical/cisco asr 1004
- canonical/cisco asr 1006
- canonical/cisco asr 1006-x
- canonical/cisco asr 1009-x
- canonical/cisco asr 1013
- canonical/cisco asr 1023