关键信息 漏洞ID: cisco-sa-stfd-D2Wd4DY 严重性: High CVE编号: CVE-2021-1635 CVSS评分: Base 7.4 受影响的产品: - Cisco IOS Software (CSCvd84113) - Cisco IOS XE Software (CSCvd84208) - Cisco NX-OS Software (CSCvd84238) 漏洞描述: 在Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software中,由于对DHCPv6包的不正确处理,攻击者可以通过发送特制的DHCPv6包导致设备崩溃并重启,从而导致服务中断。 修复建议: Cisco已发布免费软件更新来解决此漏洞。客户应根据其合同获取这些更新。 确认不受影响的产品: - Firepower 1000 Series - Firepower 2100 Series - Firepower 4100 Series - Firepower Threat Defense Appliances - ISR 4G Software - MDS 9000 Family Multilayer Switches - Meraki products - Nexus 1000V Edge for VMware vSphere - Nexus 5500 Platform Switches - Nexus 6000 Series Switches - Nexus 9000 Series Fabric Switches in ACI mode - Secure Firewall 1200 Series - Secure Firewall 4200 Series - UCS 6100 Series Fabric Interconnects - UCS 6400 Series Fabric Interconnects - UCS 6500 Series Fabric Interconnects