CVE-2021-1616

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature could allow an unauthenticated, remote attacker to bypass the ALG. This issue is due to insufficient data validation of traffic that is traversing the ALG. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device, potentially allowing them to bypass the ALG and open connections that should not be allowed to a remote device located behind the ALG. This vulnerability has been publicly discussed as NAT Slipstreaming.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.