CVE-2021-34714
📋 TL;DR
This vulnerability allows an unauthenticated attacker on the same network segment to send specially crafted UDLD packets to Cisco networking devices, causing them to reload and creating a denial of service. It affects multiple Cisco operating systems including IOS, IOS XE, IOS XR, and NX-OS. The UDLD feature is disabled by default, limiting exposure.
💻 Affected Systems
- Cisco FXOS Software
- Cisco IOS Software
- Cisco IOS XE Software
- Cisco IOS XR Software
- Cisco NX-OS Software
📦 What is this software?
Firepower Extensible Operating System by Cisco
View all CVEs affecting Firepower Extensible Operating System →
Firepower Extensible Operating System by Cisco
View all CVEs affecting Firepower Extensible Operating System →
Firepower Extensible Operating System by Cisco
View all CVEs affecting Firepower Extensible Operating System →
Firepower Extensible Operating System by Cisco
View all CVEs affecting Firepower Extensible Operating System →
Firepower Extensible Operating System by Cisco
View all CVEs affecting Firepower Extensible Operating System →
Fxos by Cisco
Fxos by Cisco
Fxos by Cisco
Fxos by Cisco
Fxos by Cisco
Fxos by Cisco
Fxos by Cisco
Ios by Cisco
Ios by Cisco
Ios by Cisco
Ios by Cisco
Ios by Cisco
Ios Xe by Cisco
Cisco IOS XE is Cisco's modern network operating system running on enterprise routers, switches, and wireless controllers deployed across corporate networks, data centers, branch offices, and service provider infrastructure worldwide. As the evolution of Cisco IOS, IOS XE provides a Linux-based modu...
Learn more about Ios Xe →Ios Xe by Cisco
Cisco IOS XE is Cisco's modern network operating system running on enterprise routers, switches, and wireless controllers deployed across corporate networks, data centers, branch offices, and service provider infrastructure worldwide. As the evolution of Cisco IOS, IOS XE provides a Linux-based modu...
Learn more about Ios Xe →Ios Xe by Cisco
Cisco IOS XE is Cisco's modern network operating system running on enterprise routers, switches, and wireless controllers deployed across corporate networks, data centers, branch offices, and service provider infrastructure worldwide. As the evolution of Cisco IOS, IOS XE provides a Linux-based modu...
Learn more about Ios Xe →Ios Xe by Cisco
Cisco IOS XE is Cisco's modern network operating system running on enterprise routers, switches, and wireless controllers deployed across corporate networks, data centers, branch offices, and service provider infrastructure worldwide. As the evolution of Cisco IOS, IOS XE provides a Linux-based modu...
Learn more about Ios Xe →Ios Xe by Cisco
Cisco IOS XE is Cisco's modern network operating system running on enterprise routers, switches, and wireless controllers deployed across corporate networks, data centers, branch offices, and service provider infrastructure worldwide. As the evolution of Cisco IOS, IOS XE provides a Linux-based modu...
Learn more about Ios Xe →Ios Xr by Cisco
Ios Xr by Cisco
Ios Xr by Cisco
Ios Xr by Cisco
Ios Xr by Cisco
Nx Os by Cisco
Nx Os by Cisco
Nx Os by Cisco
Nx Os by Cisco
Nx Os by Cisco
⚠️ Risk & Real-World Impact
Worst Case
Complete device reload causing extended network downtime and service disruption
Likely Case
Temporary DoS until device reboots, with potential for repeated attacks
If Mitigated
No impact if UDLD is disabled or proper network segmentation is in place
🎯 Exploit Status
Exploitation requires adjacent network access and control of a directly connected device. Attack conditions are strict according to Cisco.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Varies by product - refer to Cisco advisory for specific fixed versions
Vendor Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-nxos-xr-udld-dos-W5hGHgtQ
Restart Required: Yes
Instructions:
1. Check Cisco advisory for affected versions. 2. Upgrade to recommended fixed version. 3. Reboot device after upgrade. 4. Verify UDLD configuration if needed.
🔧 Temporary Workarounds
Disable UDLD feature
allDisable the UDLD feature globally or on specific interfaces
no udld enable
interface <interface>
no udld enable
Network segmentation
allImplement strict network segmentation to limit adjacent access
🧯 If You Can't Patch
- Disable UDLD feature globally or on all interfaces
- Implement strict access controls and network segmentation to limit adjacent attacker access
🔍 How to Verify
Check if Vulnerable:
Check if UDLD is enabled: 'show udld' or 'show running-config | include udld'Check Version:
show versionVerify Fix Applied:
Verify running version matches fixed version from Cisco advisory and UDLD is disabled if not needed📡 Detection & Monitoring
Log Indicators:
- Device reload logs
- UDLD process crashes
- System instability messages
Network Indicators:
- Unusual UDLD packet patterns
- Repeated device reboots on network
SIEM Query:
Search for: 'device reload', 'UDLD error', 'system crash' in network device logs