Overview
- Description
- A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
Known exploits
Data from CISA
- Vulnerability name
- Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability
- Exploit added on
- Mar 3, 2022
- Exploit action due
- Mar 17, 2022
- Required action
- Apply updates per vendor instructions.
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:3.6\\(2\\)e:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3ACD48AE-B818-40CE-848B-90B9BF1D4255"
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.6\\(2\\)e:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D9506FB-B290-44AF-80A1-F698BEC3CBC0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst_4500-x_series_switches_\\(k10\\):-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D720B575-15F7-49CA-AA2F-8594982DF9A0"
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_4500_supervisor_engine_6-e_\\(k5\\):-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D0C6A995-0878-49E6-B314-2278C8EB0E7E"
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_4500_supervisor_engine_6l-e_\\(k10\\):-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "06BF802C-C57A-402C-8EC2-E6176CB0FF86"
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_4500_supervisor_engine_7-e_\\(k10\\):-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9832B73C-116D-4F81-9DE8-1BA930648E3F"
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_4500_supervisor_engine_7l-e_\\(k10\\):-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "43AB5E31-8D8F-4009-9D6D-23C03EC9319A"
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_4500e_supervisor_engine_8-e_\\(k10\\):-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "663DCB07-F6B6-4DC6-8373-742A7C117E44"
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_4500e_supervisor_engine_8l-e_\\(k10\\):-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "229DF042-CEF2-4D1E-9197-3656919BF917"
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_4500e_supervisor_engine_9-e_\\(k10\\):-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D8F261DC-26E4-48DC-A900-C41BF6CB4557"
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_4900m_switch_\\(k5\\):-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CF434413-83D7-4D41-B9BF-4DF258B491E0"
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_4948e_ethernet_switch_\\(k5\\):-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BC27EF7D-924D-493C-B3C3-AC17EE9E5D44"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:3.6\\(2\\)e:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3ACD48AE-B818-40CE-848B-90B9BF1D4255"
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:3.6\\(2\\)e:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D9506FB-B290-44AF-80A1-F698BEC3CBC0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8300_industrial_managed_ethernet_switch:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "E96AE552-ABC5-4101-ACF6-B7F20FFB4043"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]