CVE-2021-34718

Description

A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.

Related CPE's

ociscoios_xr********

vulnerable

ociscoios_xr********

vulnerable

hciscoasr_9000v-v2-*******

hciscoasr_9001-*******

hciscoasr_9006-*******

hciscoasr_9010-*******

hciscoasr_9901-*******

hciscoasr_9902-*******

hciscoasr_9903-*******

hciscoasr_9904-*******

References

20210908 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability

Vendor Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

NONE

IntegrityImpact

HIGH

PrivilegesRequired

LOW

BaseScore

8.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

COMPLETE

AvailabilityImpact

NONE

IntegrityImpact

COMPLETE

BaseScore

8.5

VectorString

AV:N/AC:L/Au:S/C:C/I:C/A:N

Version

2.0

AccessVector

NETWORK

Authentication

SINGLE

Created by Yello
About Severity.io