The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2021-34703

CVE-2021-34703: Cisco IOS LLDP DoS Vulnerability

CVE-2021-34703 is a denial of service flaw in Cisco IOS and IOS XE Software's LLDP message parser that allows attackers to trigger device reloads. This article covers the technical details, affected systems, and mitigation.

Published: February 25, 2026

CVE-2021-34703 Overview

A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper initialization of a buffer within the LLDP processing component.

An attacker could exploit this vulnerability through multiple attack vectors: an authenticated remote attacker could access the LLDP neighbor table via the CLI or SNMP while the device is in a specific state; an unauthenticated adjacent attacker could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network; or an authenticated adjacent attacker with SNMP read-only credentials or low privileges could combine frame injection with table access to trigger the vulnerability.

Critical Impact

Successful exploitation causes the affected Cisco device to crash and reload, resulting in network service disruption across enterprise and data center environments running vulnerable Cisco IOS or IOS XE software.

Affected Products

  • Cisco IOS Software
  • Cisco IOS XE Software
  • Cisco Integrated Services Routers (1000, 1100, 4000 series)
  • Cisco Catalyst Switches (3650, 3850, 9200, 9300, 9400, 9500, 9600, 9800 series)
  • Cisco CSR 1000v Cloud Services Router

Discovery Timeline

  • September 23, 2021 - CVE-2021-34703 published to NVD
  • November 21, 2024 - Last updated in NVD database

Technical Details for CVE-2021-34703

Vulnerability Analysis

This vulnerability exists within the LLDP message parser component of Cisco IOS and IOS XE Software. LLDP is a Layer 2 protocol used by network devices to advertise their identity, capabilities, and neighbors on a local area network. The vulnerable code path is triggered when the LLDP neighbor table is accessed via CLI or SNMP while the device has processed malformed LLDP frames.

The vulnerability can be exploited through three distinct methods:

  1. Authenticated Remote Attack: An attacker with CLI or SNMP access can trigger the vulnerability by querying the LLDP neighbor table when the device is in a vulnerable state.

  2. Unauthenticated Adjacent Attack: An attacker on the same network segment can inject specially crafted LLDP frames to corrupt the neighbor table, then wait for an administrator or NMS to query the table.

  3. Authenticated Adjacent Attack: An attacker with limited SNMP read-only credentials or low CLI privileges can inject malicious LLDP frames and then access the corrupted table themselves.

The attack requires network access and specific timing conditions, as the device must be in a particular state for exploitation to succeed.

Root Cause

The vulnerability stems from improper initialization of a buffer (CWE-665: Improper Initialization, CWE-456: Missing Initialization of a Variable). When LLDP frames are processed and stored in the neighbor table, certain buffer variables are not properly initialized before use. When the neighbor table is subsequently accessed, these uninitialized memory regions can cause the device to crash due to unexpected values or memory access violations.

Attack Vector

The attack can be executed over the network with low privileges required. For the adjacent attacker scenarios, the attacker must be able to send Layer 2 LLDP frames on the same network segment as the target device. The attack does not require any user interaction beyond administrative access to the LLDP neighbor table, which can occur during routine network management operations.

The exploitation flow typically involves:

  1. Attacker injects crafted LLDP frames containing specific malformed data into the network
  2. The target device receives and processes these frames, storing entries in the LLDP neighbor table
  3. Due to improper buffer initialization, corrupted data is stored in memory
  4. When an administrator or NMS queries the LLDP neighbor table via show lldp neighbors CLI command or SNMP OID access, the device attempts to read the uninitialized buffer
  5. The memory access violation triggers a device crash and automatic reload

Detection Methods for CVE-2021-34703

Indicators of Compromise

  • Unexpected device reloads or crashes on Cisco IOS/IOS XE devices with LLDP enabled
  • Crash logs indicating memory access violations in LLDP-related processes
  • Unusual LLDP traffic patterns or malformed LLDP frames captured on network segments
  • Multiple devices experiencing simultaneous reloads after LLDP neighbor table queries

Detection Strategies

  • Monitor syslog for crash events related to LLDP processing or memory exceptions
  • Implement network traffic analysis to detect anomalous LLDP frame patterns or high LLDP frame rates
  • Configure SNMP traps for device reload events and correlate with LLDP neighbor table access patterns
  • Deploy network intrusion detection rules to identify malformed LLDP frames with unusual TLV structures

Monitoring Recommendations

  • Enable crash dump collection on all affected Cisco devices to facilitate post-incident analysis
  • Implement centralized logging to correlate device reload events across the network infrastructure
  • Monitor SNMP and CLI access patterns to LLDP neighbor tables across managed devices
  • Establish baseline LLDP traffic patterns to identify anomalous injection attempts

How to Mitigate CVE-2021-34703

Immediate Actions Required

  • Review the Cisco Security Advisory to determine if your software version is affected
  • Apply the vendor-provided software updates to all affected Cisco IOS and IOS XE devices
  • Consider disabling LLDP on interfaces where it is not operationally required
  • Restrict network access to prevent untrusted devices from sending LLDP frames on critical network segments

Patch Information

Cisco has released security updates to address this vulnerability. Organizations should consult the Cisco Security Advisory for specific fixed software versions applicable to their deployed platforms. The advisory provides detailed information on affected and fixed releases for both Cisco IOS and Cisco IOS XE Software.

Workarounds

  • Disable LLDP globally or on specific interfaces where the protocol is not required using no lldp run or no lldp transmit and no lldp receive interface commands
  • Implement Layer 2 access control to restrict which devices can send LLDP frames on the network
  • Use port security features to limit the number of MAC addresses on switch ports and prevent unauthorized LLDP frame injection
  • Segment the network to isolate critical infrastructure from potentially compromised network segments
bash
# Configuration example - Disable LLDP globally
configure terminal
no lldp run
end
write memory

# Configuration example - Disable LLDP on specific interface
configure terminal
interface GigabitEthernet0/0
 no lldp transmit
 no lldp receive
end
write memory

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeDOS
  • Vendor/TechCisco Ios
  • SeverityMEDIUM
  • CVSS Score6.5
  • EPSS Probability0.24%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-456
  • CWE-665
  • Vendor Resources
  • Cisco Security Advisory
  • Related CVEs
  • CVE-2026-20086: Cisco IOS XE Wireless Controller DoS Flaw
  • CVE-2026-20012: Cisco IKEv2 DoS Vulnerability
  • CVE-2026-20125: Cisco IOS HTTP Server DoS Vulnerability
  • CVE-2025-20169: Cisco IOS SNMP DoS Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English