Lucene search

CiscoCVE-2021-34696

HistorySep 23, 2021 - 3:15 a.m.

CVE-2021-34696

2021-09-2303:15:15

CWE-284

cisco

web.nvd.nist.gov

cisco

asr 900

asr 920

aggregation services routers

vulnerability

acl

bypass

remote attacker

nvd

cve-2021-34696

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

47.9%

JSON

A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.

Affected configurations

Nvd

Node

ciscoios_xeRange≤17.3.2

AND

ciscoasr_902Match-

ciscoasr_903Match-

ciscoasr_907Match-

ciscoasr_920-10sz-pdMatch-

ciscoasr_920-10sz-pd_rMatch-

ciscoasr_920-12cz-aMatch-

ciscoasr_920-12cz-a_rMatch-

ciscoasr_920-12cz-dMatch-

ciscoasr_920-12cz-d_rMatch-

ciscoasr_920-12sz-imMatch-

ciscoasr_920-12sz-im_rMatch-

ciscoasr_920-24sz-imMatch-

ciscoasr_920-24sz-im_rMatch-

ciscoasr_920-24sz-mMatch-

ciscoasr_920-24sz-m_rMatch-

ciscoasr_920-24tz-mMatch-

ciscoasr_920-24tz-m_rMatch-

ciscoasr_920-4sz-aMatch-

ciscoasr_920-4sz-a_rMatch-

ciscoasr_920-4sz-dMatch-

ciscoasr_920-4sz-d_rMatch-

ciscoasr_920u-12sz-imMatch-

VendorProductVersionCPE
ciscoios_xe*cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
ciscoasr_902-cpe:2.3:h:cisco:asr_902:-:*:*:*:*:*:*:*
ciscoasr_903-cpe:2.3:h:cisco:asr_903:-:*:*:*:*:*:*:*
ciscoasr_907-cpe:2.3:h:cisco:asr_907:-:*:*:*:*:*:*:*
ciscoasr_920-10sz-pd-cpe:2.3:h:cisco:asr_920-10sz-pd:-:*:*:*:*:*:*:*
ciscoasr_920-10sz-pd_r-cpe:2.3:h:cisco:asr_920-10sz-pd_r:-:*:*:*:*:*:*:*
ciscoasr_920-12cz-a-cpe:2.3:h:cisco:asr_920-12cz-a:-:*:*:*:*:*:*:*
ciscoasr_920-12cz-a_r-cpe:2.3:h:cisco:asr_920-12cz-a_r:-:*:*:*:*:*:*:*
ciscoasr_920-12cz-d-cpe:2.3:h:cisco:asr_920-12cz-d:-:*:*:*:*:*:*:*
ciscoasr_920-12cz-d_r-cpe:2.3:h:cisco:asr_920-12cz-d_r:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	*	cpe:2.3:o:cisco:ios_xe::::::::
cisco	asr_902	-	cpe:2.3:h:cisco:asr_902:-:::::::*
cisco	asr_903	-	cpe:2.3:h:cisco:asr_903:-:::::::*
cisco	asr_907	-	cpe:2.3:h:cisco:asr_907:-:::::::*
cisco	asr_920-10sz-pd	-	cpe:2.3:h:cisco:asr_920-10sz-pd:-:::::::*
cisco	asr_920-10sz-pd_r	-	cpe:2.3:h:cisco:asr_920-10sz-pd_r:-:::::::*
cisco	asr_920-12cz-a	-	cpe:2.3:h:cisco:asr_920-12cz-a:-:::::::*
cisco	asr_920-12cz-a_r	-	cpe:2.3:h:cisco:asr_920-12cz-a_r:-:::::::*
cisco	asr_920-12cz-d	-	cpe:2.3:h:cisco:asr_920-12cz-d:-:::::::*
cisco	asr_920-12cz-d_r	-	cpe:2.3:h:cisco:asr_920-12cz-d_r:-:::::::*

Rows per page:

1-10 of 231

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr900acl-UeEyCxkv

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

47.9%

JSON

Related for CVE-2021-34696