Lucene search

[email protected]CVE-2021-34728

HistorySep 09, 2021 - 5:15 a.m.

CVE-2021-34728

2021-09-0905:15:11

CWE-78

[email protected]

web.nvd.nist.gov

cisco

ios xr

software

vulnerabilities

cli

cve-2021-34728

security advisory

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected configurations

NVD

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

ciscoasr_9000v-v2Match-

ciscoasr_9001Match-

ciscoasr_9006Match-

ciscoasr_9010Match-

ciscoasr_9901Match-

ciscoasr_9902Match-

ciscoasr_9903Match-

ciscoasr_9904Match-

ciscoasr_9906Match-

ciscoasr_9910Match-

ciscoasr_9912Match-

ciscoasr_9922Match-

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

ciscoios_xrvMatch-

ciscoios_xrv_9000Match-

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

cisconcs_520Match-

cisconcs_540Match-

cisconcs_540_fronthaulMatch-

cisconcs_560-4Match-

cisconcs_560-7Match-

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

cisconcs_5001Match-

cisconcs_5002Match-

cisconcs_5011Match-

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

cisconcs_4009Match-

cisconcs_4016Match-

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

cisconcs_5501Match-

cisconcs_5501-seMatch-

cisconcs_5502Match-

cisconcs_5502-seMatch-

cisconcs_5508Match-

cisconcs_5516Match-

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

cisconcs_6000Match-

cisconcs_6008Match-

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

cisconcs_1001Match-

cisconcs_1002Match-

cisconcs_1004Match-

Node

ciscoios_xrRange<7.3.2

ciscoios_xrRange7.4.0–7.4.1

AND

cisco8101-32fhMatch-

cisco8101-32hMatch-

cisco8102-64hMatch-

cisco8201Match-

cisco8201-32fhMatch-

cisco8202Match-

cisco8804Match-

cisco8808Match-

cisco8812Match-

cisco8818Match-

CPENameOperatorVersion
cisco:ios_xrcisco ios xrlt7.3.2
cisco:ios_xrcisco ios xrlt7.4.1

CPE	Name	Operator	Version
cisco:ios_xr	cisco ios xr	lt	7.3.2
cisco:ios_xr	cisco ios xr	lt	7.4.1

CNA Affected

[
  {
    "product": "Cisco IOS XR Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2021-34728

cnvd1 nvd1 cvelist1 prion1 cisco1 nessus1