CVE-2021-34714: A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR So...

Description

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process.

Metrics

CVSS 3.1

7.4/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Probability

0.38%

29.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Fxos	>= 2.2, < 2.2.2.148
Cisco	Fxos	>= 2.3, < 2.3.1.216
Cisco	Fxos	>= 2.4, < 2.4.1.273
Cisco	Fxos	>= 2.6, < 2.6.1.224
Cisco	Fxos	>= 2.7, < 2.7.1.143
Cisco	Fxos	>= 2.8, < 2.8.1.143
Cisco	Fxos	>= 2.9, < 2.9.1.135
Cisco	Firepower Extensible Operating System	<= 8.4\(3.115\)
Cisco	Ios	<= 8.4\(3.115\)
Cisco	Ios Xe	<= 8.4\(3.115\)
Cisco	Ios Xr	<= 8.4\(3.115\)
Cisco	Nx-Os	<= 8.4\(3.115\)
Cisco	Firepower Extensible Operating System	<= 7.0\(3\)i7\(9\)
Cisco	Ios	<= 7.0\(3\)i7\(9\)
Cisco	Ios Xe	<= 7.0\(3\)i7\(9\)
Cisco	Ios Xr	<= 7.0\(3\)i7\(9\)
Cisco	Nx-Os	<= 7.0\(3\)i7\(9\)
Cisco	Firepower Extensible Operating System	<= 7.3\(8\)n1\(1\)
Cisco	Ios	<= 7.3\(8\)n1\(1\)
Cisco	Ios Xe	<= 7.3\(8\)n1\(1\)
Cisco	Ios Xr	<= 7.3\(8\)n1\(1\)
Cisco	Nx-Os	<= 7.3\(8\)n1\(1\)
Cisco	Firepower Extensible Operating System	<= 3.2\(3o\)a
Cisco	Ios	<= 3.2\(3o\)a
Cisco	Ios Xe	<= 3.2\(3o\)a
Cisco	Ios Xr	<= 3.2\(3o\)a
Cisco	Nx-Os	<= 3.2\(3o\)a
Cisco	Firepower Extensible Operating System	<= 4.1\(1a\)a
Cisco	Ios	<= 4.1\(1a\)a
Cisco	Ios Xe	<= 4.1\(1a\)a
Cisco	Ios Xr	<= 4.1\(1a\)a

References

Timeline

Published: Sep 23, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-34714?

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process.

How severe is CVE-2021-34714?

CVE-2021-34714 has a CVSS score of 7.4/10 (HIGH severity). The EPSS model estimates a 0.38% probability of exploitation in the next 30 days.

How do I fix CVE-2021-34714?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.