CVE-2021-1368
📋 TL;DR
A vulnerability in Cisco FXOS and NX-OS software's UDLD feature allows unauthenticated adjacent attackers to execute arbitrary code with admin privileges or cause denial of service. Attackers need direct network access and specific configurations to exploit. This affects Cisco devices running vulnerable software versions.
💻 Affected Systems
- Cisco FXOS Software
- Cisco NX-OS Software
📦 What is this software?
Firepower Extensible Operating System by Cisco
View all CVEs affecting Firepower Extensible Operating System →
Nx Os by Cisco
Nx Os by Cisco
Nx Os by Cisco
Nx Os by Cisco
Nx Os by Cisco
Nx Os by Cisco
Nx Os by Cisco
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary code execution with administrative privileges leading to complete device compromise
Likely Case
Denial of service causing device reload and service disruption
If Mitigated
No impact if UDLD is disabled or proper network segmentation is in place
🎯 Exploit Status
Exploitation requires: 1) Adjacent attacker with direct connection, 2) UDLD-enabled port channel, 3) Specific system conditions for RCE (otherwise only DoS)
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple fixed versions - refer to Cisco advisory for specific product fixes
Vendor Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-udld-rce-xetH6w35
Restart Required: Yes
Instructions:
1. Check Cisco advisory for affected product versions. 2. Download and apply appropriate software update. 3. Reload device to activate patched software.
🔧 Temporary Workarounds
Disable UDLD
allDisable the UDLD feature on all interfaces and port channels
no udld enable
no udld aggressive
Network Segmentation
allImplement strict network segmentation to limit adjacent device access
🧯 If You Can't Patch
- Disable UDLD feature on all interfaces and port channels
- Implement strict access controls and network segmentation to limit adjacent device access
🔍 How to Verify
Check if Vulnerable:
Check if UDLD is enabled: 'show udld' and verify software version against Cisco advisoryCheck Version:
show versionVerify Fix Applied:
Verify software version is updated to fixed version and UDLD is disabled or patched📡 Detection & Monitoring
Log Indicators:
- UDLD process crashes
- Device reloads
- Unusual UDLD protocol packets
Network Indicators:
- Malformed UDLD packets
- UDLD protocol anomalies
SIEM Query:
Search for: 'UDLD crash', 'device reload', 'CVE-2021-1368' in system logs