CVE-2021-34722

Published: Sep 9, 2021Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.

Affected (2)

Products: Cisco: Ios Xr

Cisco

1 product

Ios Xr

Configuration A

12 platform

Running on/with	Platform Versions
Cisco Asr 9000v V2	All versions
Cisco Asr 9001	All versions
Cisco Asr 9006	All versions
Cisco Asr 9010	All versions
Cisco Asr 9901	All versions
Cisco Asr 9902	All versions
Cisco Asr 9903	All versions
Cisco Asr 9904	All versions
Cisco Asr 9906	All versions
Cisco Asr 9910	All versions
Cisco Asr 9912	All versions
Cisco Asr 9922	All versions

Configuration B

2 platform

Running on/with	Platform Versions
Cisco Ios Xrv	All versions
Cisco Ios Xrv 9000	All versions

Configuration C

5 platform

Running on/with	Platform Versions
Cisco Ncs 520	All versions
Cisco Ncs 540	All versions
Cisco Ncs 540 Fronthaul	All versions
Cisco Ncs 560 4	All versions
Cisco Ncs 560 7	All versions

Configuration D

3 platform

Running on/with	Platform Versions
Cisco Ncs 5001	All versions
Cisco Ncs 5002	All versions
Cisco Ncs 5011	All versions

Configuration E

6 platform

Running on/with	Platform Versions
Cisco Ncs 5501	All versions
Cisco Ncs 5501 Se	All versions
Cisco Ncs 5502	All versions
Cisco Ncs 5502 Se	All versions
Cisco Ncs 5508	All versions
Cisco Ncs 5516	All versions

Configuration F

2 platform

Running on/with	Platform Versions
Cisco Ncs 6000	All versions
Cisco Ncs 6008	All versions

Configuration G

3 platform

Running on/with	Platform Versions
Cisco Ncs 1001	All versions
Cisco Ncs 1002	All versions
Cisco Ncs 1004	All versions

Configuration H

2 vulnerable · 10 platform

Vulnerable Software	Affected Versions
Cisco Ios Xr	From 7.1.1 to 7.3.2
Cisco Ios Xr	From 7.4.0 to 7.4.1

Running on/with	Platform Versions
Cisco 8101 32fh	All versions
Cisco 8101 32h	All versions
Cisco 8102 64h	All versions
Cisco 8201	All versions
Cisco 8201 32fh	All versions
Cisco 8202	All versions
Cisco 8804	All versions
Cisco 8808	All versions
Cisco 8812	All versions
Cisco 8818	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cmd-inj-wbZKvPxc

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.