CVE-2021-34723
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device.
Affected (1)
Configuration A
| Running on/with | Platform Versions |
|---|---|
Cisco Asr 1000 X | All versions |
Cisco Asr 1001 | All versions |
Cisco Asr 1001 X | All versions |
Cisco Asr 1002 | All versions |
Cisco Asr 1002 X | All versions |
Cisco Asr 1004 | All versions |
Cisco Asr 1006 | All versions |
Cisco Asr 1013 | All versions |
Cisco Asr 1023 | All versions |
Configuration B
| Running on/with | Platform Versions |
|---|---|
Cisco 4321 Integrated Services Router | All versions |
Cisco 4331 Integrated Services Router | All versions |
Cisco 4351 Integrated Services Router | All versions |
Cisco 4431 Integrated Services Router | All versions |
Configuration C
| Running on/with | Platform Versions |
|---|---|
Cisco 1100 4g Integrated Services Router | All versions |
Cisco 1100 4gltegb Integrated Services Router | All versions |
Cisco 1100 4gltena Integrated Services Router | All versions |
Cisco 1100 6g Integrated Services Router | All versions |
Cisco 1100 Lte Integrated Services Router | All versions |
Cisco 1100 Integrated Services Router | All versions |
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.