Lucene search

[email protected]CVE-2021-34718

HistorySep 09, 2021 - 5:15 a.m.

CVE-2021-34718

2021-09-0905:15:11

CWE-88

[email protected]

web.nvd.nist.gov

cisco

ios xr

software

vulnerability

ssh server

remote attacker

arbitrary files

input validation

secure copy protocol

scp

privilege escalation

nvd

cve-2021-34718

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:C/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.2%

JSON

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.

Affected configurations

NVD

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

ciscoasr_9000v-v2Match-

ciscoasr_9001Match-

ciscoasr_9006Match-

ciscoasr_9010Match-

ciscoasr_9901Match-

ciscoasr_9902Match-

ciscoasr_9903Match-

ciscoasr_9904Match-

ciscoasr_9906Match-

ciscoasr_9910Match-

ciscoasr_9912Match-

ciscoasr_9922Match-

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

ciscoios_xrvMatch-

ciscoios_xrv_9000Match-

Node

cisconcs_520Match-

cisconcs_540Match-

cisconcs_540_fronthaulMatch-

cisconcs_560-4Match-

cisconcs_560-7Match-

AND

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

cisconcs_5001Match-

cisconcs_5002Match-

cisconcs_5011Match-

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

cisconcs_4009Match-

cisconcs_4016Match-

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

cisconcs_5501Match-

cisconcs_5501-seMatch-

cisconcs_5502Match-

cisconcs_5502-seMatch-

cisconcs_5508Match-

cisconcs_5516Match-

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

cisconcs_6000Match-

cisconcs_6008Match-

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

cisconcs_1001Match-

cisconcs_1002Match-

cisconcs_1004Match-

CPENameOperatorVersion
cisco:ios_xrcisco ios xrlt7.3.2
cisco:ios_xrcisco ios xrlt7.4.1

CPE	Name	Operator	Version
cisco:ios_xr	cisco ios xr	lt	7.3.2
cisco:ios_xr	cisco ios xr	lt	7.4.1

CNA Affected

[
  {
    "product": "Cisco IOS XR Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:C/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.2%

JSON

Related for CVE-2021-34718

nessus1 cnvd1 cvelist1 prion1 cisco1 nvd1