vulnerability

Cisco IOS-XR: CVE-2021-34718: Cisco IOS XR Software Arbitrary File Read and Write Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:N)	Sep 9, 2021	Oct 21, 2021	Dec 21, 2022

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:N)

Published

Sep 9, 2021

Added

Oct 21, 2021

Modified

Dec 21, 2022

Description

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.

Solution

update-xros

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today