vulnerability

Cisco IOS: CVE-2021-34705: Cisco IOS and IOS XE Software FXO Interface Destination Pattern Bypass Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	2021-09-23	2021-09-23	2024-04-22

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

2021-09-23

Added

2021-09-23

Modified

2024-04-22

Description

A vulnerability in the Voice Telephony Service Provider (VTSP) service of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured destination patterns and dial arbitrary numbers. This vulnerability is due to insufficient validation of dial strings at Foreign Exchange Office (FXO) interfaces. An attacker could exploit this vulnerability by sending a malformed dial string to an affected device via either the ISDN protocol or SIP. A successful exploit could allow the attacker to conduct toll fraud, resulting in unexpected financial impact to affected customers.

Solution

cisco-ios-upgrade-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today