Lucene search

CiscoCVE-2021-34708

HistorySep 09, 2021 - 5:15 a.m.

CVE-2021-34708

2021-09-0905:15:07

CWE-347

cisco

web.nvd.nist.gov

cve-2021-34708

cisco

ncs 540

routers

cisco ios xr

vulnerabilities

image verification

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

Affected configurations

Nvd

Node

cisco8101-32fhMatch-

cisco8101-32h

cisco8102-64hMatch-

cisco8201Match-

cisco8201-32fhMatch-

cisco8202Match-

cisco8800_12-slotMatch-

cisco8800_18-slotMatch-

cisco8800_4-slotMatch-

cisco8800_8-slotMatch-

AND

ciscoios_xrRange<7.3.2

Node

ciscon540-12z20g-sys-aMatch-

ciscon540-12z20g-sys-dMatch-

ciscon540-24z8q2c-mMatch-

ciscon540-24z8q2c-sysMatch-

ciscon540-28z4c-sys-aMatch-

ciscon540-28z4c-sys-dMatch-

ciscon540-acc-sysMatch-

ciscon540x-12z16g-sys-aMatch-

ciscon540x-12z16g-sys-dMatch-

ciscon540x-16z4g8q2c-aMatch-

ciscon540x-16z4g8q2c-dMatch-

ciscon540x-acc-sysMatch-

AND

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

VendorProductVersionCPE
cisco8101-32fh-cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*
cisco8101-32h*cpe:2.3:h:cisco:8101-32h:*:*:*:*:*:*:*:*
cisco8102-64h-cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*
cisco8201-cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*
cisco8201-32fh-cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*
cisco8202-cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*
cisco8800_12-slot-cpe:2.3:h:cisco:8800_12-slot:-:*:*:*:*:*:*:*
cisco8800_18-slot-cpe:2.3:h:cisco:8800_18-slot:-:*:*:*:*:*:*:*
cisco8800_4-slot-cpe:2.3:h:cisco:8800_4-slot:-:*:*:*:*:*:*:*
cisco8800_8-slot-cpe:2.3:h:cisco:8800_8-slot:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	8101-32fh	-	cpe:2.3:h:cisco:8101-32fh:-:::::::*
cisco	8101-32h	*	cpe:2.3:h:cisco:8101-32h::::::::
cisco	8102-64h	-	cpe:2.3:h:cisco:8102-64h:-:::::::*
cisco	8201	-	cpe:2.3:h:cisco:8201:-:::::::*
cisco	8201-32fh	-	cpe:2.3:h:cisco:8201-32fh:-:::::::*
cisco	8202	-	cpe:2.3:h:cisco:8202:-:::::::*
cisco	8800_12-slot	-	cpe:2.3:h:cisco:8800_12-slot:-:::::::*
cisco	8800_18-slot	-	cpe:2.3:h:cisco:8800_18-slot:-:::::::*
cisco	8800_4-slot	-	cpe:2.3:h:cisco:8800_4-slot:-:::::::*
cisco	8800_8-slot	-	cpe:2.3:h:cisco:8800_8-slot:-:::::::*

Rows per page:

1-10 of 231

CNA Affected

[
  {
    "product": "Cisco IOS XR Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-QN9mCzwn

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-34708