Rewterz Threat Advisory – CVE-2021-1450 – Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability
April 15, 2021
Rewterz Threat Advisory – Multiple Kubernetes Vulnerabilities
April 15, 2021
Severity
High
Analysis Summary
CVE-2021-25663
The function that processes IPv6 headers does not check the lengths of the extension header options. Attackers can put this function into an infinite loop with crafted length values and exploit the vulnerability to consume excessive resources such as memory and CPU.
CVE-2021-25664
The function that processes the hop-by-hop extension header in IPv6 packets performs no checks on the headers' length fields. Attackers can put the function into an infinite loop by supplying arbitrary length values.
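A length-checked walk of the IPv6 extension header chain and its options, covering the checks both CVE entries describe as missing. This is an added example, not Siemens or Nucleus code and not a reconstruction of the vulnerable function; the header layout follows RFC 8200, while the function names, `MAX_EXT_HDRS` and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum { NH_HBH = 0, NH_ROUTING = 43, NH_FRAGMENT = 44, NH_DSTOPTS = 60 };
#define MAX_EXT_HDRS 8   /* assumed local policy limit, not from the advisory */

/* Walk the TLV options of a Hop-by-Hop/Destination Options header of hdr_len
 * bytes. Returns 0 if every option fits inside the header, -1 otherwise. */
static int options_ok(const uint8_t *hdr, size_t hdr_len)
{
    size_t off = 2;                              /* skip Next Header + Hdr Ext Len */
    while (off < hdr_len) {
        if (hdr[off] == 0) { off += 1; continue; }   /* Pad1: one byte, no length */
        if (hdr_len - off < 2) return -1;        /* no room for type + length */
        size_t opt_len = hdr[off + 1];
        if (opt_len > hdr_len - off - 2) return -1;  /* data overruns the header */
        off += 2 + opt_len;                      /* cursor always moves forward */
    }
    return 0;
}

/* Validate the extension header chain in buf[0..len), which starts right after
 * the fixed 40-byte IPv6 header; first_nh is that header's Next Header value.
 * Returns the upper-layer protocol number, or -1 if the chain is malformed. */
int ext_chain_validate(const uint8_t *buf, size_t len, uint8_t first_nh)
{
    size_t off = 0;                              /* invariant: off <= len */
    uint8_t nh = first_nh;
    for (int n = 0; ; n++) {
        if (nh != NH_HBH && nh != NH_ROUTING && nh != NH_FRAGMENT && nh != NH_DSTOPTS)
            return nh;                           /* reached the upper-layer protocol */
        if (n == MAX_EXT_HDRS || len - off < 8) return -1;
        const uint8_t *hdr = buf + off;
        /* Hdr Ext Len counts 8-octet units beyond the first 8; Fragment is fixed. */
        size_t hdr_len = (nh == NH_FRAGMENT) ? 8 : ((size_t)hdr[1] + 1) * 8;
        if (hdr_len > len - off) return -1;      /* claims more than was received */
        if ((nh == NH_HBH || nh == NH_DSTOPTS) && options_ok(hdr, hdr_len) != 0)
            return -1;
        nh = hdr[0];
        off += hdr_len;
    }
}

/* Constructed sample headers (not captured traffic): Next Header 6 = TCP. */
const uint8_t sample_ok[8]      = { 6, 0, 1,   4, 0, 0, 0, 0 };  /* valid PadN */
const uint8_t sample_bad_opt[8] = { 6, 0, 1, 200, 0, 0, 0, 0 };  /* option too long */
const uint8_t sample_bad_hdr[8] = { 6, 5, 1,   4, 0, 0, 0, 0 };  /* header too long */

int main(void) { return ext_chain_validate(sample_ok, 8, NH_HBH) == 6 ? 0 : 1; }
```

Rejecting the packet at the first inconsistent length, rather than clamping and continuing, keeps the parser's running time bounded by the number of bytes received.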
Impact
Infinite loop
Affected Vendors
Siemens
Affected Products
- Siemens Nucleus 4: All versions prior to v4.1.0
- Nucleus NET: All versions
- Nucleus ReadyStart: All versions
- Nucleus Source Code
- Nucleus VSTAR
Remediation
Refer to the ICS advisory for the complete list of affected products, mitigation methods, and their respective patches. https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05