How severe is CVE-2021-1285?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2021-1285?

This is classified as CWE-770, which is a common weakness in software security.

CVE-2021-1285 - HIGH Severity | CVSS 7.4

Vulnerability Description

Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of error conditions when processing Ethernet frames. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker to exhaust disk space on the affected device, which could result in administrators being unable to log in to the device or the device being unable to boot up correctly.Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Related Vulnerabilities

CVE-2018-16864

HIGH

CVSS:7.4(High)

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls sys...

CWE-7702018

CVE-2020-8203

HIGH

CVSS:7.4(High)

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

CWE-7702020

CVE-2025-20141

HIGH

CVSS:7.4(High)

A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to ca...

CWE-7702025

CVE-2016-20013

HIGH

CVSS:7.5(High)

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

CWE-7702016

CVE-2016-4074

HIGH

CVSS:7.5(High)

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

CWE-7702016

CVE-2017-11468

HIGH

CVSS:7.5(High)

Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumptio...

CWE-7702017