CVE-2021-34714 | Multiple Cisco Operating Systems Unidirectional Link Detection Denial of Service Vulnerability

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. This vulnerability is due to improper input validation of the UDLD packets. An attacker could exploit this vulnerability by sending specifically crafted UDLD packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. An attacker must have full control of a directly connected device. On Cisco IOS XR devices, the impact is limited to the reload of the UDLD process.

Published: 2021-09-23 Last update: 2024-11-21 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2021-34714 is rated Moderate Risk (46.3/100): CVSS High severity, with low exploitation likelihood (EPSS 0.24%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2021-34714

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-11-21 0.08% 0.24% +0.16%
2 2025-11-18 0.24% 0.08% -0.16%
3 2025-10-28 0.24%

Full EPSS history (15 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2021-34714

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.4 3.1 HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Click to expand
Attack vector (AV:A)
Attacker has to be nearby on the network—same office, same link, that vibe—not the whole wide internet.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 2.8 4.0 [email protected]
7.4 3.1 HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Click to expand
Attack vector (AV:A)
Attacker has to be nearby on the network—same office, same link, that vibe—not the whole wide internet.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 2.8 4.0 [email protected]
5.7 2.0 MEDIUM
AV:A/AC:M/Au:N/C:N/I:N/A:C Click to expand
Access vector (AV:A)
Requires access to an adjacent network segment.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:C)
Complete availability impact.
 5.5 6.9 [email protected]

Weakness enumeration for CVE-2021-34714

Affected software / configurations for CVE-2021-34714

Vendor Product Version Raw CPE
cisco fxos >= 2.2, < 2.2.2.148 cpe:2.3:o:cisco:fxos:*:*:*:*:*:*:*:*
cisco fxos >= 2.3, < 2.3.1.216 cpe:2.3:o:cisco:fxos:*:*:*:*:*:*:*:*
cisco fxos >= 2.4, < 2.4.1.273 cpe:2.3:o:cisco:fxos:*:*:*:*:*:*:*:*
cisco fxos >= 2.6, < 2.6.1.224 cpe:2.3:o:cisco:fxos:*:*:*:*:*:*:*:*
cisco fxos >= 2.7, < 2.7.1.143 cpe:2.3:o:cisco:fxos:*:*:*:*:*:*:*:*
cisco fxos >= 2.8, < 2.8.1.143 cpe:2.3:o:cisco:fxos:*:*:*:*:*:*:*:*
cisco fxos >= 2.9, < 2.9.1.135 cpe:2.3:o:cisco:fxos:*:*:*:*:*:*:*:*
cisco firepower_extensible_operating_system <= 8.4\(3.115\) cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*
cisco ios <= 8.4\(3.115\) cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
cisco ios_xe <= 8.4\(3.115\) cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
cisco ios_xr <= 8.4\(3.115\) cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
cisco nx-os <= 8.4\(3.115\) cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
cisco firepower_extensible_operating_system <= 7.0\(3\)i7\(9\) cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*
cisco ios <= 7.0\(3\)i7\(9\) cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
cisco ios_xe <= 7.0\(3\)i7\(9\) cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
cisco ios_xr <= 7.0\(3\)i7\(9\) cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
cisco nx-os <= 7.0\(3\)i7\(9\) cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
cisco firepower_extensible_operating_system <= 7.3\(8\)n1\(1\) cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*
cisco ios <= 7.3\(8\)n1\(1\) cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
cisco ios_xe <= 7.3\(8\)n1\(1\) cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
cisco ios_xr <= 7.3\(8\)n1\(1\) cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
cisco nx-os <= 7.3\(8\)n1\(1\) cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
cisco firepower_extensible_operating_system <= 3.2\(3o\)a cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*
cisco ios <= 3.2\(3o\)a cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
cisco ios_xe <= 3.2\(3o\)a cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
cisco ios_xr <= 3.2\(3o\)a cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
cisco nx-os <= 3.2\(3o\)a cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
cisco firepower_extensible_operating_system <= 4.1\(1a\)a cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*
cisco ios <= 4.1\(1a\)a cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
cisco ios_xe <= 4.1\(1a\)a cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
cisco ios_xr <= 4.1\(1a\)a cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*

References for CVE-2021-34714

cvelogic Threat Intelligence