CVE-2021-1394

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers (affected versions not specified)

Description: A vulnerability in the ingress traffic manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device. This is due to incorrect processing of certain IPv4 TCP traffic destined to an affected device. An attacker could exploit this by sending a large number of crafted TCP packets to the affected device, causing the web management interface to become unavailable. Note that this vulnerability does not impact traffic going through the device or to the Management Ethernet interface.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.