CVE-2021-34703: Cisco IOS and IOS XE Software Link Layer Discovery Protocol Denial of Service Vulnerability
First published: Thu Sep 23 2021(Updated: )
A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper initialization of a buffer. An attacker could exploit this vulnerability via any of the following methods: An authenticated, remote attacker could access the LLDP neighbor table via either the CLI or SNMP while the device is in a specific state. An unauthenticated, adjacent attacker could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then waiting for an administrator of the device or a network management system (NMS) managing the device to retrieve the LLDP neighbor table of the device via either the CLI or SNMP. An authenticated, adjacent attacker with SNMP read-only credentials or low privileges on the device CLI could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then accessing the LLDP neighbor table via either the CLI or SNMP. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a reload of the device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | <=16.12.3 | |
| Cisco IOS XE Web UI | <=16.12.3 | |
| Cisco 1000 Integrated Services Router | ||
| Cisco 1100-4g/6g Integrated Services Router | ||
| Cisco 1109-4p Integrated Services Router | ||
| Cisco 1100 Integrated Services Router | ||
| Cisco 1100 Series Integrated Services Router | ||
| Cisco 1101 Integrated Services Router | ||
| Cisco 1101 Integrated Services Router | ||
| Cisco 1109 Integrated Services Router | ||
| Cisco 1109 Integrated Services Router | ||
| Cisco 1109 Integrated Services Router | ||
| Cisco 1111x-8p | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 1120 Integrated Services Router | ||
| Cisco 1160 Integrated Services Router | ||
| Cisco 4000 Series Integrated Services Routers | ||
| Cisco 4221 Integrated Services Router | ||
| Cisco 4321/k9 Integrated Services Router | ||
| Cisco 4331/k9-rf Integrated Services Router | ||
| Cisco 4351/k9-rf Integrated Services Router | ||
| Cisco 4431 Integrated Services Router | ||
| Cisco 4451-X Integrated Services Router | ||
| Cisco 4451-X Integrated Services Router | ||
| Cisco 4441 Integrated Services Router | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-12x48UQ | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-12x48UQ-S | ||
| Cisco Catalyst 3650-12X48UR | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-12X48UR-L | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-12x48UZ-L | ||
| Cisco Catalyst 3650-12x48uz-s | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-24PD-S | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-24PS-E | ||
| Cisco Catalyst 3650-24PS-L | ||
| Cisco Catalyst 3650-24PS | ||
| Cisco Catalyst 3650-24TD-E | ||
| Cisco Catalyst 3650-24TD-L | ||
| Cisco Catalyst 3650-24TD Switch | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-24TS-L | ||
| Cisco Catalyst 3650-24TS-S | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-48FQ-E | ||
| Cisco Catalyst 3650-48FQ-L | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-48FQM Switch | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-48FQM Switch | ||
| Cisco Catalyst 3650 Series Switch | ||
| Cisco Catalyst 3650 Series Switch WS-C3650-48FS | ||
| Cisco Catalyst 3650 Series Switch WS-C3650-48FS | ||
| Cisco Catalyst 3650-48PD-E | ||
| Cisco Catalyst 3650-48PD | ||
| Cisco Catalyst 3650-48PD-S | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-48PQ-L | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-48PS-L | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 Series | ||
| Cisco Catalyst 3650-48TQ-S | ||
| Cisco Catalyst 3650-48TS Switch | ||
| Cisco Catalyst 3650-48TS Switch | ||
| Cisco Catalyst 3650-48TS Switch | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-8X24UQ | ||
| Cisco Catalyst 3650 | ||
| Cisco Catalyst 3650-8X24UQ | ||
| Cisco Catalyst 3650-8X24UQ | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850-12X48U-E | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 Series | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 9300-24s-e Firmware | ||
| Cisco Catalyst 3850-24S-S | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850-24T-L | ||
| Cisco Catalyst 3850-24T-S | ||
| Cisco Catalyst 3850-24U | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850-24XS | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850-24XU | ||
| Cisco Catalyst 3850-24XU | ||
| Cisco Catalyst 3850-24XU | ||
| Cisco Catalyst 3850-24XU | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850-48F-E | ||
| Cisco Catalyst 3850-48F-L | ||
| Cisco Catalyst 3850-48F-S | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850-48P-S | ||
| Cisco Catalyst 3850-48PW-S | ||
| Cisco Catalyst 3850-48T-E | ||
| Cisco Catalyst 3850-48T-L | ||
| Cisco Catalyst 3850 Series | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850-48U-E | ||
| Cisco Catalyst 3850-48U | ||
| Cisco Catalyst 3850-48U | ||
| Cisco Catalyst 3850-48XS | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850-48XS | ||
| Cisco Catalyst 3850-48XS | ||
| Cisco Catalyst 3850-48XS-S | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 3850 | ||
| Cisco Catalyst 9200CX | ||
| Cisco Catalyst 9300 Firmware | ||
| Cisco Catalyst 9300-24p-a Firmware | ||
| Cisco Catalyst 9300-24p-e Firmware | ||
| Cisco Catalyst 9300-24s-a Firmware | ||
| Cisco Catalyst 9300-24s-e Firmware | ||
| Cisco Catalyst 9300-24t-a Firmware | ||
| Cisco Catalyst 9300-24t-e Firmware | ||
| Cisco Catalyst 9300-24u-a Firmware | ||
| Cisco Catalyst 9300-24u-e Firmware | ||
| Cisco Catalyst 9300-24ux-a Firmware | ||
| Cisco Catalyst 9300-24ux-e Firmware | ||
| Cisco Catalyst 9300-48p-a Firmware | ||
| Cisco Catalyst 9300-48p-e Firmware | ||
| Cisco Catalyst 9300-48s-a Firmware | ||
| Cisco Catalyst 9300-48s-e Firmware | ||
| Cisco Catalyst 9300-48t-a Firmware | ||
| Cisco Catalyst 9300-48t-e Firmware | ||
| Cisco Catalyst 9300-48u-a Firmware | ||
| Cisco Catalyst 9300-48u-e Firmware | ||
| Cisco Catalyst 9300-48un-a Firmware | ||
| Cisco Catalyst 9300-48un-e Firmware | ||
| Cisco Catalyst 9300-48uxm-a Firmware | ||
| Cisco Catalyst 9300-48uxm-e Firmware | ||
| Cisco Catalyst 9300l Firmware | ||
| Cisco Catalyst 9300L-24P-4G-A Firmware | ||
| Cisco Catalyst 9300l-24p-4g-e Firmware | ||
| Cisco Catalyst 9300L-24P-4X-A Firmware | ||
| Cisco Catalyst 9300l-24p-4x-e Firmware | ||
| Cisco Catalyst 9300l-24t-4g-a Firmware | ||
| Cisco Catalyst 9300L-24T-4G-E Firmware | ||
| Cisco Catalyst 9300l-24t-4x-a Firmware | ||
| Cisco Catalyst 9300L-24T-4X-E Firmware | ||
| Cisco Catalyst 9300L-48P-4G-A Firmware | ||
| Cisco Catalyst 9300l-48p-4g-e Firmware | ||
| Cisco Catalyst 9300l-48p-4x-a Firmware | ||
| Cisco Catalyst 9300L-48P-4X-E Firmware | ||
| Cisco Catalyst 9300l-48t-4g-a Firmware | ||
| Cisco Catalyst 9300l-48t-4g-e Firmware | ||
| Cisco Catalyst 9300l-48t-4x-a Firmware | ||
| Cisco Catalyst 9300L-48T-4X-E Firmware | ||
| Cisco Catalyst 9300L Stack | ||
| Cisco Catalyst 9400 | ||
| Cisco Catalyst C9407R | ||
| Cisco Catalyst C9410R | ||
| Cisco Catalyst 9500 Series | ||
| Cisco Catalyst 9600 | ||
| Cisco Catalyst 9800 Firmware | ||
| Cisco Catalyst 9800-40 | ||
| Cisco Catalyst 9800-80 | ||
| Cisco Catalyst 9800-CL | ||
| Cisco Catalyst 9800-L | ||
| Cisco Catalyst 9800-L | ||
| Cisco Catalyst 9800-L | ||
| Cisco Cloud Services Router 1000V |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-34703?
CVE-2021-34703 is classified as a critical vulnerability that can lead to a denial of service (DoS) condition.
How do I fix CVE-2021-34703?
To fix CVE-2021-34703, upgrade the affected Cisco IOS and IOS XE software versions to the latest available release.
Which systems are affected by CVE-2021-34703?
CVE-2021-34703 affects Cisco IOS Software and Cisco IOS XE Software up to version 16.12.3.
What are the potential impacts of CVE-2021-34703?
The potential impact of CVE-2021-34703 includes device reloads, resulting in service disruptions and denial-of-service conditions.
Is there a workaround for CVE-2021-34703?
There is no official workaround for CVE-2021-34703; mitigation is limited to upgrading the affected software.
- agent/weakness
- agent/type
- agent/references
- agent/title
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/16.12.3
- canonical/cisco ios xe web ui
- version/cisco ios xe web ui/16.12.3
- canonical/cisco 1000 integrated services router
- canonical/cisco 1100-4g/6g integrated services router
- canonical/cisco 1109-4p integrated services router
- canonical/cisco 1100 integrated services router
- canonical/cisco 1100 series integrated services router
- canonical/cisco 1101 integrated services router
- canonical/cisco 1109 integrated services router
- canonical/cisco 1111x-8p
- canonical/cisco 111x integrated services router
- canonical/cisco 1120 integrated services router
- canonical/cisco 1160 integrated services router
- canonical/cisco 4000 series integrated services routers
- canonical/cisco 4221 integrated services router
- canonical/cisco 4321/k9 integrated services router
- canonical/cisco 4331/k9-rf integrated services router
- canonical/cisco 4351/k9-rf integrated services router
- canonical/cisco 4431 integrated services router
- canonical/cisco 4451-x integrated services router
- canonical/cisco 4441 integrated services router
- canonical/cisco catalyst 3650
- canonical/cisco catalyst 3650-12x48uq
- canonical/cisco catalyst 3650-12x48uq-s
- canonical/cisco catalyst 3650-12x48ur
- canonical/cisco catalyst 3650-12x48ur-l
- canonical/cisco catalyst 3650-12x48uz-l
- canonical/cisco catalyst 3650-12x48uz-s
- canonical/cisco catalyst 3650-24pd-s
- canonical/cisco catalyst 3650-24ps-e
- canonical/cisco catalyst 3650-24ps-l
- canonical/cisco catalyst 3650-24ps
- canonical/cisco catalyst 3650-24td-e
- canonical/cisco catalyst 3650-24td-l
- canonical/cisco catalyst 3650-24td switch
- canonical/cisco catalyst 3650-24ts-l
- canonical/cisco catalyst 3650-24ts-s
- canonical/cisco catalyst 3650-48fq-e
- canonical/cisco catalyst 3650-48fq-l
- canonical/cisco catalyst 3650-48fqm switch
- canonical/cisco catalyst 3650 series switch
- canonical/cisco catalyst 3650 series switch ws-c3650-48fs
- canonical/cisco catalyst 3650-48pd-e
- canonical/cisco catalyst 3650-48pd
- canonical/cisco catalyst 3650-48pd-s
- canonical/cisco catalyst 3650-48pq-l
- canonical/cisco catalyst 3650-48ps-l
- canonical/cisco catalyst 3650 series
- canonical/cisco catalyst 3650-48tq-s
- canonical/cisco catalyst 3650-48ts switch
- canonical/cisco catalyst 3650-8x24uq
- canonical/cisco catalyst 3850
- canonical/cisco catalyst 3850-12x48u-e
- canonical/cisco catalyst 3850 series
- canonical/cisco catalyst 9300-24s-e firmware
- canonical/cisco catalyst 3850-24s-s
- canonical/cisco catalyst 3850-24t-l
- canonical/cisco catalyst 3850-24t-s
- canonical/cisco catalyst 3850-24u
- canonical/cisco catalyst 3850-24xs
- canonical/cisco catalyst 3850-24xu
- canonical/cisco catalyst 3850-48f-e
- canonical/cisco catalyst 3850-48f-l
- canonical/cisco catalyst 3850-48f-s
- canonical/cisco catalyst 3850-48p-s
- canonical/cisco catalyst 3850-48pw-s
- canonical/cisco catalyst 3850-48t-e
- canonical/cisco catalyst 3850-48t-l
- canonical/cisco catalyst 3850-48u-e
- canonical/cisco catalyst 3850-48u
- canonical/cisco catalyst 3850-48xs
- canonical/cisco catalyst 3850-48xs-s
- canonical/cisco catalyst 9200cx
- canonical/cisco catalyst 9300 firmware
- canonical/cisco catalyst 9300-24p-a firmware
- canonical/cisco catalyst 9300-24p-e firmware
- canonical/cisco catalyst 9300-24s-a firmware
- canonical/cisco catalyst 9300-24t-a firmware
- canonical/cisco catalyst 9300-24t-e firmware
- canonical/cisco catalyst 9300-24u-a firmware
- canonical/cisco catalyst 9300-24u-e firmware
- canonical/cisco catalyst 9300-24ux-a firmware
- canonical/cisco catalyst 9300-24ux-e firmware
- canonical/cisco catalyst 9300-48p-a firmware
- canonical/cisco catalyst 9300-48p-e firmware
- canonical/cisco catalyst 9300-48s-a firmware
- canonical/cisco catalyst 9300-48s-e firmware
- canonical/cisco catalyst 9300-48t-a firmware
- canonical/cisco catalyst 9300-48t-e firmware
- canonical/cisco catalyst 9300-48u-a firmware
- canonical/cisco catalyst 9300-48u-e firmware
- canonical/cisco catalyst 9300-48un-a firmware
- canonical/cisco catalyst 9300-48un-e firmware
- canonical/cisco catalyst 9300-48uxm-a firmware
- canonical/cisco catalyst 9300-48uxm-e firmware
- canonical/cisco catalyst 9300l firmware
- canonical/cisco catalyst 9300l-24p-4g-a firmware
- canonical/cisco catalyst 9300l-24p-4g-e firmware
- canonical/cisco catalyst 9300l-24p-4x-a firmware
- canonical/cisco catalyst 9300l-24p-4x-e firmware
- canonical/cisco catalyst 9300l-24t-4g-a firmware
- canonical/cisco catalyst 9300l-24t-4g-e firmware
- canonical/cisco catalyst 9300l-24t-4x-a firmware
- canonical/cisco catalyst 9300l-24t-4x-e firmware
- canonical/cisco catalyst 9300l-48p-4g-a firmware
- canonical/cisco catalyst 9300l-48p-4g-e firmware
- canonical/cisco catalyst 9300l-48p-4x-a firmware
- canonical/cisco catalyst 9300l-48p-4x-e firmware
- canonical/cisco catalyst 9300l-48t-4g-a firmware
- canonical/cisco catalyst 9300l-48t-4g-e firmware
- canonical/cisco catalyst 9300l-48t-4x-a firmware
- canonical/cisco catalyst 9300l-48t-4x-e firmware
- canonical/cisco catalyst 9300l stack
- canonical/cisco catalyst 9400
- canonical/cisco catalyst c9407r
- canonical/cisco catalyst c9410r
- canonical/cisco catalyst 9500 series
- canonical/cisco catalyst 9600
- canonical/cisco catalyst 9800 firmware
- canonical/cisco catalyst 9800-40
- canonical/cisco catalyst 9800-80
- canonical/cisco catalyst 9800-cl
- canonical/cisco catalyst 9800-l
- canonical/cisco cloud services router 1000v