Vulnerabilites related to cisco - ncs_4009
cve-2021-34720
Vulnerability from cvelistv5
Published
2021-09-09 05:01
Modified
2024-11-07 22:00
Summary
A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.088Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210908 Cisco IOS XR Software IP Service Level Agreements  and Two-Way Active Measurement Protocol Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34720",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:54:22.268217Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T22:00:49.116Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco IOS XR Software",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-09-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-771",
                     description: "CWE-771",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-09-09T05:01:03",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210908 Cisco IOS XR Software IP Service Level Agreements  and Two-Way Active Measurement Protocol Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP",
            },
         ],
         source: {
            advisory: "cisco-sa-ipsla-ZA3SRrpP",
            defect: [
               [
                  "CSCvw32825",
                  "CSCvw61840",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco IOS XR Software IP Service Level Agreements  and Two-Way Active Measurement Protocol Denial of Service Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-09-08T16:00:00",
               ID: "CVE-2021-34720",
               STATE: "PUBLIC",
               TITLE: "Cisco IOS XR Software IP Service Level Agreements  and Two-Way Active Measurement Protocol Denial of Service Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco IOS XR Software",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "8.6",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-771",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210908 Cisco IOS XR Software IP Service Level Agreements  and Two-Way Active Measurement Protocol Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-ipsla-ZA3SRrpP",
               defect: [
                  [
                     "CSCvw32825",
                     "CSCvw61840",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34720",
      datePublished: "2021-09-09T05:01:03.855610Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T22:00:49.116Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-34728
Vulnerability from cvelistv5
Published
2021-09-09 05:01
Modified
2024-11-07 22:00
Summary
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.161Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210908 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34728",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:43:09.558894Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T22:00:30.308Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco IOS XR Software",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-09-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-09-09T05:01:25",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210908 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf",
            },
         ],
         source: {
            advisory: "cisco-sa-iosxr-privescal-dZYMrKf",
            defect: [
               [
                  "CSCvx48004",
                  "CSCvx48007",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-09-08T16:00:00",
               ID: "CVE-2021-34728",
               STATE: "PUBLIC",
               TITLE: "Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco IOS XR Software",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "7.8",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-78",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210908 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-iosxr-privescal-dZYMrKf",
               defect: [
                  [
                     "CSCvx48004",
                     "CSCvx48007",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34728",
      datePublished: "2021-09-09T05:01:25.148942Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T22:00:30.308Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-34719
Vulnerability from cvelistv5
Published
2021-09-09 05:00
Modified
2024-11-07 22:00
Summary
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.125Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210908 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34719",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:43:13.784833Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T22:00:55.836Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco IOS XR Software",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-09-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-78",
                     description: "CWE-78",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-09-09T05:00:53",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210908 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf",
            },
         ],
         source: {
            advisory: "cisco-sa-iosxr-privescal-dZYMrKf",
            defect: [
               [
                  "CSCvx48004",
                  "CSCvx48007",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-09-08T16:00:00",
               ID: "CVE-2021-34719",
               STATE: "PUBLIC",
               TITLE: "Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco IOS XR Software",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "7.8",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-78",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210908 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-iosxr-privescal-dZYMrKf",
               defect: [
                  [
                     "CSCvx48004",
                     "CSCvx48007",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34719",
      datePublished: "2021-09-09T05:00:53.764430Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T22:00:55.836Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-34718
Vulnerability from cvelistv5
Published
2021-09-09 05:00
Modified
2024-11-07 22:01
Summary
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.124Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210908 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34718",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:43:15.314953Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T22:01:03.620Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco IOS XR Software",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-09-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 8.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-88",
                     description: "CWE-88",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-09-09T05:00:43",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210908 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2",
            },
         ],
         source: {
            advisory: "cisco-sa-iosxr-scp-inject-QwZOCv2",
            defect: [
               [
                  "CSCvx48017",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco IOS XR Software Arbitrary File Read and Write Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-09-08T16:00:00",
               ID: "CVE-2021-34718",
               STATE: "PUBLIC",
               TITLE: "Cisco IOS XR Software Arbitrary File Read and Write Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco IOS XR Software",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "8.1",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-88",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210908 Cisco IOS XR Software Arbitrary File Read and Write Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-iosxr-scp-inject-QwZOCv2",
               defect: [
                  [
                     "CSCvx48017",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34718",
      datePublished: "2021-09-09T05:00:43.820831Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T22:01:03.620Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-3473
Vulnerability from cvelistv5
Published
2020-09-04 02:26
Modified
2024-11-13 18:07
Summary
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks.
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T07:37:54.202Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20200902 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2020-3473",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-13T17:18:08.322105Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-13T18:07:53.806Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco IOS XR Software",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2020-09-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-264",
                     description: "CWE-264",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-04T02:26:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20200902 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN",
            },
         ],
         source: {
            advisory: "cisco-sa-iosxr-LJtNFjeN",
            defect: [
               [
                  "CSCvs12604",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2020-09-02T16:00:00",
               ID: "CVE-2020-3473",
               STATE: "PUBLIC",
               TITLE: "Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco IOS XR Software",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "7.8",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-264",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20200902 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-iosxr-LJtNFjeN",
               defect: [
                  [
                     "CSCvs12604",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2020-3473",
      datePublished: "2020-09-04T02:26:01.429734Z",
      dateReserved: "2019-12-12T00:00:00",
      dateUpdated: "2024-11-13T18:07:53.806Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-20236
Vulnerability from cvelistv5
Published
2023-09-13 16:39
Modified
2024-10-23 19:10
Summary
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.
Impacted products
Vendor Product Version
Cisco Cisco IOS XR Software Version: 5.2.0
Version: 5.2.1
Version: 5.2.2
Version: 5.2.4
Version: 5.2.3
Version: 5.2.5
Version: 5.2.47
Version: 5.3.0
Version: 5.3.1
Version: 5.3.2
Version: 5.3.3
Version: 5.3.4
Version: 6.0.0
Version: 6.0.1
Version: 6.0.2
Version: 6.1.1
Version: 6.1.2
Version: 6.1.3
Version: 6.1.4
Version: 6.1.12
Version: 6.1.22
Version: 6.1.32
Version: 6.1.36
Version: 6.1.42
Version: 6.2.1
Version: 6.2.2
Version: 6.2.3
Version: 6.2.25
Version: 6.2.11
Version: 6.3.2
Version: 6.3.3
Version: 6.3.15
Version: 6.4.1
Version: 6.4.2
Version: 6.4.3
Version: 6.5.1
Version: 6.5.2
Version: 6.5.3
Version: 6.5.25
Version: 6.5.26
Version: 6.5.28
Version: 6.5.29
Version: 6.5.32
Version: 6.5.33
Version: 6.6.2
Version: 6.6.3
Version: 6.6.25
Version: 6.6.4
Version: 7.0.1
Version: 7.0.2
Version: 7.0.12
Version: 7.0.14
Version: 7.1.1
Version: 7.1.15
Version: 7.1.2
Version: 7.1.3
Version: 6.7.1
Version: 6.7.2
Version: 6.7.3
Version: 6.7.4
Version: 7.2.0
Version: 7.2.1
Version: 7.2.2
Version: 7.3.1
Version: 7.3.15
Version: 7.3.2
Version: 7.3.3
Version: 7.3.5
Version: 7.4.1
Version: 7.4.2
Version: 6.8.1
Version: 6.8.2
Version: 7.5.1
Version: 7.5.3
Version: 7.5.2
Version: 7.5.4
Version: 7.6.1
Version: 7.6.2
Version: 7.7.1
Version: 7.7.2
Version: 7.7.21
Version: 6.9.1
Version: 6.9.2
Version: 7.8.1
Version: 7.8.2
Version: 7.9.1
Version: 7.9.2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:05:35.905Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:o:cisco:ios_xr_software:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ios_xr_software",
                  vendor: "cisco",
                  versions: [
                     {
                        lessThanOrEqual: "7.9.2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-20236",
                        options: [
                           {
                              Exploitation: "None",
                           },
                           {
                              Automatable: "No",
                           },
                           {
                              "Technical Impact": "Total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2023-11-15T16:36:16.200980Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T19:10:48.388Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco IOS XR Software",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "5.2.0",
                  },
                  {
                     status: "affected",
                     version: "5.2.1",
                  },
                  {
                     status: "affected",
                     version: "5.2.2",
                  },
                  {
                     status: "affected",
                     version: "5.2.4",
                  },
                  {
                     status: "affected",
                     version: "5.2.3",
                  },
                  {
                     status: "affected",
                     version: "5.2.5",
                  },
                  {
                     status: "affected",
                     version: "5.2.47",
                  },
                  {
                     status: "affected",
                     version: "5.3.0",
                  },
                  {
                     status: "affected",
                     version: "5.3.1",
                  },
                  {
                     status: "affected",
                     version: "5.3.2",
                  },
                  {
                     status: "affected",
                     version: "5.3.3",
                  },
                  {
                     status: "affected",
                     version: "5.3.4",
                  },
                  {
                     status: "affected",
                     version: "6.0.0",
                  },
                  {
                     status: "affected",
                     version: "6.0.1",
                  },
                  {
                     status: "affected",
                     version: "6.0.2",
                  },
                  {
                     status: "affected",
                     version: "6.1.1",
                  },
                  {
                     status: "affected",
                     version: "6.1.2",
                  },
                  {
                     status: "affected",
                     version: "6.1.3",
                  },
                  {
                     status: "affected",
                     version: "6.1.4",
                  },
                  {
                     status: "affected",
                     version: "6.1.12",
                  },
                  {
                     status: "affected",
                     version: "6.1.22",
                  },
                  {
                     status: "affected",
                     version: "6.1.32",
                  },
                  {
                     status: "affected",
                     version: "6.1.36",
                  },
                  {
                     status: "affected",
                     version: "6.1.42",
                  },
                  {
                     status: "affected",
                     version: "6.2.1",
                  },
                  {
                     status: "affected",
                     version: "6.2.2",
                  },
                  {
                     status: "affected",
                     version: "6.2.3",
                  },
                  {
                     status: "affected",
                     version: "6.2.25",
                  },
                  {
                     status: "affected",
                     version: "6.2.11",
                  },
                  {
                     status: "affected",
                     version: "6.3.2",
                  },
                  {
                     status: "affected",
                     version: "6.3.3",
                  },
                  {
                     status: "affected",
                     version: "6.3.15",
                  },
                  {
                     status: "affected",
                     version: "6.4.1",
                  },
                  {
                     status: "affected",
                     version: "6.4.2",
                  },
                  {
                     status: "affected",
                     version: "6.4.3",
                  },
                  {
                     status: "affected",
                     version: "6.5.1",
                  },
                  {
                     status: "affected",
                     version: "6.5.2",
                  },
                  {
                     status: "affected",
                     version: "6.5.3",
                  },
                  {
                     status: "affected",
                     version: "6.5.25",
                  },
                  {
                     status: "affected",
                     version: "6.5.26",
                  },
                  {
                     status: "affected",
                     version: "6.5.28",
                  },
                  {
                     status: "affected",
                     version: "6.5.29",
                  },
                  {
                     status: "affected",
                     version: "6.5.32",
                  },
                  {
                     status: "affected",
                     version: "6.5.33",
                  },
                  {
                     status: "affected",
                     version: "6.6.2",
                  },
                  {
                     status: "affected",
                     version: "6.6.3",
                  },
                  {
                     status: "affected",
                     version: "6.6.25",
                  },
                  {
                     status: "affected",
                     version: "6.6.4",
                  },
                  {
                     status: "affected",
                     version: "7.0.1",
                  },
                  {
                     status: "affected",
                     version: "7.0.2",
                  },
                  {
                     status: "affected",
                     version: "7.0.12",
                  },
                  {
                     status: "affected",
                     version: "7.0.14",
                  },
                  {
                     status: "affected",
                     version: "7.1.1",
                  },
                  {
                     status: "affected",
                     version: "7.1.15",
                  },
                  {
                     status: "affected",
                     version: "7.1.2",
                  },
                  {
                     status: "affected",
                     version: "7.1.3",
                  },
                  {
                     status: "affected",
                     version: "6.7.1",
                  },
                  {
                     status: "affected",
                     version: "6.7.2",
                  },
                  {
                     status: "affected",
                     version: "6.7.3",
                  },
                  {
                     status: "affected",
                     version: "6.7.4",
                  },
                  {
                     status: "affected",
                     version: "7.2.0",
                  },
                  {
                     status: "affected",
                     version: "7.2.1",
                  },
                  {
                     status: "affected",
                     version: "7.2.2",
                  },
                  {
                     status: "affected",
                     version: "7.3.1",
                  },
                  {
                     status: "affected",
                     version: "7.3.15",
                  },
                  {
                     status: "affected",
                     version: "7.3.2",
                  },
                  {
                     status: "affected",
                     version: "7.3.3",
                  },
                  {
                     status: "affected",
                     version: "7.3.5",
                  },
                  {
                     status: "affected",
                     version: "7.4.1",
                  },
                  {
                     status: "affected",
                     version: "7.4.2",
                  },
                  {
                     status: "affected",
                     version: "6.8.1",
                  },
                  {
                     status: "affected",
                     version: "6.8.2",
                  },
                  {
                     status: "affected",
                     version: "7.5.1",
                  },
                  {
                     status: "affected",
                     version: "7.5.3",
                  },
                  {
                     status: "affected",
                     version: "7.5.2",
                  },
                  {
                     status: "affected",
                     version: "7.5.4",
                  },
                  {
                     status: "affected",
                     version: "7.6.1",
                  },
                  {
                     status: "affected",
                     version: "7.6.2",
                  },
                  {
                     status: "affected",
                     version: "7.7.1",
                  },
                  {
                     status: "affected",
                     version: "7.7.2",
                  },
                  {
                     status: "affected",
                     version: "7.7.21",
                  },
                  {
                     status: "affected",
                     version: "6.9.1",
                  },
                  {
                     status: "affected",
                     version: "6.9.2",
                  },
                  {
                     status: "affected",
                     version: "7.8.1",
                  },
                  {
                     status: "affected",
                     version: "7.8.2",
                  },
                  {
                     status: "affected",
                     version: "7.9.1",
                  },
                  {
                     status: "affected",
                     version: "7.9.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.\r\n\r This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "cvssV3_1",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-347",
                     description: "Improper Verification of Cryptographic Signature",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-07T19:50:10.951Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
               url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
            },
         ],
         source: {
            advisory: "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
            defects: [
               "CSCvz63925",
               "CSCvz63918",
               "CSCwe12502",
               "CSCvz63929",
               "CSCwi31568",
               "CSCwh78724",
               "CSCwi26526",
               "CSCwh70601",
               "CSCwh78727",
               "CSCwj83430",
               "CSCwj88475",
            ],
            discovery: "INTERNAL",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2023-20236",
      datePublished: "2023-09-13T16:39:19.418Z",
      dateReserved: "2022-10-27T18:47:50.370Z",
      dateUpdated: "2024-10-23T19:10:48.388Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2023-09-13 17:15
Modified
2024-11-21 07:40
Summary
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F31C819-2725-4295-8FF3-BA00A7A6BE92",
                     versionEndExcluding: "7.10.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8208:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A34DAD43-0C95-4830-8078-EFE3E6C0A930",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8212:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "46F5CBF0-7F55-44C0-B321-896BDBA22679",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8218:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D381E343-416F-42AF-A780-D330954F238F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6655851F-58D9-49D9-A56E-8440A7F7BB45",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9ED06361-5A68-4656-AEA5-240C290594CD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8831:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE2514A1-486C-40F7-8746-56E2B973CBE6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FEF8271-315F-4756-931F-015F790BE693",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "324C97E6-1810-404F-9F45-6240F99FF039",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA241214-2F05-4360-9B50-385355E29CF4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F396564E-B477-4A27-A189-CEB737552E25",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5445CC54-ACFB-4070-AF26-F91FEAA85181",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9920:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "49E7ED87-8AC0-4107-A7A5-F334236E2906",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F6E0FBE-70B7-413C-8943-39BEFE050298",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F40E779D-5865-4E4B-AE2D-CF1860BA19E2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC6A867F-E809-4CB5-82DB-2670CB0A6359",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4201:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "41C5ECF8-EFFE-4C27-8DCB-2533BFD5200F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4202:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "68C23248-3D61-4BAF-9602-BA31FB4374DD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4206:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C36494B4-8E2D-4399-97B5-725792BD5C45",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4216:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0819EF17-5102-45FF-96AD-85BE17FD6921",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "98622F14-CC47-45E0-85E4-A7243309487C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D686F339-9406-4ADF-B124-C815D43E4CAA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5501:se:*:*:*:*:*:*:*",
                     matchCriteriaId: "22FE69B4-DF27-46F1-8037-4B8D1F229C6B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5502:se:*:*:*:*:*:*:*",
                     matchCriteriaId: "603980FE-9865-4A71-A37C-A90B7F3B72D6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "43D21B01-A754-474F-8E46-14D733AB307E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "17D6424C-972F-459C-B8F7-04FFD9F541BC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "08864A59-0840-4407-8D30-9CE34BAF05E7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CD3B06B-864E-4A35-B0C3-1654390022D2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "355F78C3-C07F-48C3-9B6E-55714EAA7331",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_57c3-mods-sys:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "98F06B5D-6CE8-42C3-8760-89B4EF1FFC21",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.\r\n\r This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la función de arranque iPXE del software Cisco IOS XR podría permitir que un atacante local autenticado instale una imagen de software no verificada en un dispositivo afectado. Esta vulnerabilidad se debe a una verificación de imagen insuficiente. Un atacante podría aprovechar esta vulnerabilidad manipulando los parámetros de arranque para la verificación de imágenes durante el proceso de arranque iPXE en un dispositivo afectado. Una explotación exitosa podría permitir al atacante iniciar una imagen de software no verificada en el dispositivo afectado.",
      },
   ],
   id: "CVE-2023-20236",
   lastModified: "2024-11-21T07:40:57.700",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 6.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 5.9,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-09-13T17:15:09.607",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-347",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-345",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-09-09 05:15
Modified
2024-11-21 06:11
Summary
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "908B6BB7-630C-4B3B-94EF-F910D8D2FF8C",
                     versionEndIncluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB91BE23-C710-473F-8E43-0E0DE760F8AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "324C97E6-1810-404F-9F45-6240F99FF039",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA241214-2F05-4360-9B50-385355E29CF4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F396564E-B477-4A27-A189-CEB737552E25",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5445CC54-ACFB-4070-AF26-F91FEAA85181",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "908B6BB7-630C-4B3B-94EF-F910D8D2FF8C",
                     versionEndIncluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ios_xrv:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F39CC9A-297B-428A-82B4-BA0B83AA85CD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5249FE7A-FAAE-42C4-9250-DF4B2009F420",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_540_fronthaul:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9C17E4B-1B14-42F2-BCE6-2D5020625382",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "08864A59-0840-4407-8D30-9CE34BAF05E7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "98622F14-CC47-45E0-85E4-A7243309487C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F40E779D-5865-4E4B-AE2D-CF1860BA19E2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC6A867F-E809-4CB5-82DB-2670CB0A6359",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B254955-C485-45D7-A19B-E78CE1D997AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "43D21B01-A754-474F-8E46-14D733AB307E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "17D6424C-972F-459C-B8F7-04FFD9F541BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "523058BF-DE14-4FAD-8A67-C8CA795032D9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F6E0FBE-70B7-413C-8943-39BEFE050298",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8101-32h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B832863-E366-46ED-BC35-838762F0CE29",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6655851F-58D9-49D9-A56E-8440A7F7BB45",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9ED06361-5A68-4656-AEA5-240C290594CD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en la CLI de Cisco IOS XR Software podrían permitir a un atacante local autenticado con una cuenta de bajo privilegio elevar los privilegios en un dispositivo afectado. Para conseguir más información sobre estas vulnerabilidades, consulte la sección Details de este aviso",
      },
   ],
   id: "CVE-2021-34719",
   lastModified: "2024-11-21T06:11:02.477",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-09-09T05:15:11.310",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-09-04 03:15
Modified
2024-11-21 05:31
Summary
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "50097B5A-98AC-4790-AB45-FB5B5118D3F8",
                     versionEndExcluding: "7.0.12",
                     versionStartIncluding: "5.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DDFFC1A3-D76E-4CF9-97F8-D45493CFF949",
                     versionEndExcluding: "7.2.1",
                     versionStartIncluding: "7.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9ED06361-5A68-4656-AEA5-240C290594CD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB5520C5-0DD6-4633-B0CB-E6B17C1976D7",
                     versionEndExcluding: "6.6.3",
                     versionStartIncluding: "5.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "00AFC058-2750-4A6F-B321-DF159214FCA5",
                     versionEndExcluding: "7.0.2",
                     versionStartIncluding: "7.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "97D588E3-03D6-4872-A376-A54708FC7EDD",
                     versionEndExcluding: "7.1.1",
                     versionStartIncluding: "7.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B254955-C485-45D7-A19B-E78CE1D997AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "43D21B01-A754-474F-8E46-14D733AB307E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "17D6424C-972F-459C-B8F7-04FFD9F541BC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "523058BF-DE14-4FAD-8A67-C8CA795032D9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4BA67FD7-DDA0-45E0-B172-3278BD48CC4E",
                     versionEndExcluding: "6.5.29",
                     versionStartIncluding: "5.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F40E779D-5865-4E4B-AE2D-CF1860BA19E2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC6A867F-E809-4CB5-82DB-2670CB0A6359",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la asignación de grupos de tareas para un comando de la CLI específico en Cisco IOS XR Software, podría permitir a un usuario del shell de la CLI local autenticado elevar privilegios y obtener el control administrativo total del dispositivo. La vulnerabilidad es debido a una asignación incorrecta de un comando para grupos de tareas dentro del código fuente. Un atacante podría explotar esta vulnerabilidad si se autentica primero en el shell de la CLI local en el dispositivo y usando el comando de la CLI para omitir las comprobaciones group–based de tareas. Una explotación con éxito podría permitir al atacante elevar los privilegios y llevar a cabo acciones en el dispositivo sin comprobaciones de autorización",
      },
   ],
   id: "CVE-2020-3473",
   lastModified: "2024-11-21T05:31:08.433",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-09-04T03:15:10.277",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-863",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-09-09 05:15
Modified
2024-11-21 06:11
Summary
A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
                     versionEndExcluding: "6.2.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D19A362A-DF30-4B02-832E-FB5389C9400E",
                     versionEndExcluding: "6.3.2",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
                     versionEndExcluding: "7.2.2",
                     versionStartIncluding: "6.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB91BE23-C710-473F-8E43-0E0DE760F8AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "324C97E6-1810-404F-9F45-6240F99FF039",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA241214-2F05-4360-9B50-385355E29CF4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F396564E-B477-4A27-A189-CEB737552E25",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5445CC54-ACFB-4070-AF26-F91FEAA85181",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
                     versionEndExcluding: "6.2.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D19A362A-DF30-4B02-832E-FB5389C9400E",
                     versionEndExcluding: "6.3.2",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
                     versionEndExcluding: "7.2.2",
                     versionStartIncluding: "6.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ios_xrv:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F39CC9A-297B-428A-82B4-BA0B83AA85CD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
                     versionEndExcluding: "6.2.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D19A362A-DF30-4B02-832E-FB5389C9400E",
                     versionEndExcluding: "6.3.2",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
                     versionEndExcluding: "7.2.2",
                     versionStartIncluding: "6.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5249FE7A-FAAE-42C4-9250-DF4B2009F420",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_540_fronthaul:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9C17E4B-1B14-42F2-BCE6-2D5020625382",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "08864A59-0840-4407-8D30-9CE34BAF05E7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
                     versionEndExcluding: "6.2.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D19A362A-DF30-4B02-832E-FB5389C9400E",
                     versionEndExcluding: "6.3.2",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
                     versionEndExcluding: "7.2.2",
                     versionStartIncluding: "6.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "98622F14-CC47-45E0-85E4-A7243309487C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
                     versionEndExcluding: "6.2.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D19A362A-DF30-4B02-832E-FB5389C9400E",
                     versionEndExcluding: "6.3.2",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
                     versionEndExcluding: "7.2.2",
                     versionStartIncluding: "6.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F40E779D-5865-4E4B-AE2D-CF1860BA19E2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC6A867F-E809-4CB5-82DB-2670CB0A6359",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
                     versionEndExcluding: "6.2.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D19A362A-DF30-4B02-832E-FB5389C9400E",
                     versionEndExcluding: "6.3.2",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
                     versionEndExcluding: "7.2.2",
                     versionStartIncluding: "6.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B254955-C485-45D7-A19B-E78CE1D997AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "43D21B01-A754-474F-8E46-14D733AB307E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "17D6424C-972F-459C-B8F7-04FFD9F541BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
                     versionEndExcluding: "6.2.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D19A362A-DF30-4B02-832E-FB5389C9400E",
                     versionEndExcluding: "6.3.2",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
                     versionEndExcluding: "7.2.2",
                     versionStartIncluding: "6.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "523058BF-DE14-4FAD-8A67-C8CA795032D9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
                     versionEndExcluding: "6.2.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D19A362A-DF30-4B02-832E-FB5389C9400E",
                     versionEndExcluding: "6.3.2",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
                     versionEndExcluding: "7.2.2",
                     versionStartIncluding: "6.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F6E0FBE-70B7-413C-8943-39BEFE050298",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C3C4D0F-CAF7-44E8-9B7E-E45D00457A75",
                     versionEndExcluding: "6.2.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D19A362A-DF30-4B02-832E-FB5389C9400E",
                     versionEndExcluding: "6.3.2",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFFB34B7-8C3B-4C5F-8521-B6EAE9CBFBEA",
                     versionEndExcluding: "7.2.2",
                     versionStartIncluding: "6.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8101-32h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B832863-E366-46ED-BC35-838762F0CE29",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6655851F-58D9-49D9-A56E-8440A7F7BB45",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9ED06361-5A68-4656-AEA5-240C290594CD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. This vulnerability exists because socket creation failures are mishandled during the IP SLA and TWAMP processes. An attacker could exploit this vulnerability by sending specific IP SLA or TWAMP packets to an affected device. A successful exploit could allow the attacker to exhaust the packet memory, which will impact other processes, such as routing protocols, or crash the IP SLA process.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en las funciones de respuesta de los Acuerdos de Nivel de Servicio IP (IP SLA) y del Protocolo de Medición Activa de Dos Vías (TWAMP) de Cisco IOS XR Software podría permitir a un atacante remoto no autenticado causar el agotamiento de la memoria de paquetes del dispositivo o causar el bloqueo del proceso IP SLA, resultando en una condición de denegación de servicio (DoS). Esta vulnerabilidad Se presenta porque los fallos en la creación de sockets son manejados inapropiadamente durante los procesos IP SLA y TWAMP. Un atacante podría explotar esta vulnerabilidad mediante el envío de paquetes específicos de IP SLA o TWAMP a un dispositivo afectado. Una explotación con éxito podría permitir a un atacante agotar la memoria de paquetes, lo que afectaría a otros procesos, como los protocolos de enrutamiento, o bloquearía el proceso IP SLA",
      },
   ],
   id: "CVE-2021-34720",
   lastModified: "2024-11-21T06:11:02.663",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 4,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-09-09T05:15:11.463",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-771",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-09-09 05:15
Modified
2024-11-21 06:11
Summary
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB91BE23-C710-473F-8E43-0E0DE760F8AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "324C97E6-1810-404F-9F45-6240F99FF039",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA241214-2F05-4360-9B50-385355E29CF4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F396564E-B477-4A27-A189-CEB737552E25",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5445CC54-ACFB-4070-AF26-F91FEAA85181",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ios_xrv:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F39CC9A-297B-428A-82B4-BA0B83AA85CD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5249FE7A-FAAE-42C4-9250-DF4B2009F420",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_540_fronthaul:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9C17E4B-1B14-42F2-BCE6-2D5020625382",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "08864A59-0840-4407-8D30-9CE34BAF05E7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "98622F14-CC47-45E0-85E4-A7243309487C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F40E779D-5865-4E4B-AE2D-CF1860BA19E2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC6A867F-E809-4CB5-82DB-2670CB0A6359",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B254955-C485-45D7-A19B-E78CE1D997AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "43D21B01-A754-474F-8E46-14D733AB307E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "17D6424C-972F-459C-B8F7-04FFD9F541BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "523058BF-DE14-4FAD-8A67-C8CA795032D9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F6E0FBE-70B7-413C-8943-39BEFE050298",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8101-32h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B832863-E366-46ED-BC35-838762F0CE29",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6655851F-58D9-49D9-A56E-8440A7F7BB45",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9ED06361-5A68-4656-AEA5-240C290594CD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en la CLI de Cisco IOS XR Software podrían permitir a un atacante local autenticado con una cuenta de bajo privilegio elevar los privilegios en un dispositivo afectado. Para conseguir más información sobre estas vulnerabilidades, consulte la sección Details de este aviso",
      },
   ],
   id: "CVE-2021-34728",
   lastModified: "2024-11-21T06:11:03.867",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-09-09T05:15:11.870",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privescal-dZYMrKf",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-09-09 05:15
Modified
2024-11-21 06:11
Summary
A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB91BE23-C710-473F-8E43-0E0DE760F8AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "324C97E6-1810-404F-9F45-6240F99FF039",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA241214-2F05-4360-9B50-385355E29CF4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F396564E-B477-4A27-A189-CEB737552E25",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5445CC54-ACFB-4070-AF26-F91FEAA85181",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ios_xrv:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F39CC9A-297B-428A-82B4-BA0B83AA85CD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_520:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5249FE7A-FAAE-42C4-9250-DF4B2009F420",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_540_fronthaul:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9C17E4B-1B14-42F2-BCE6-2D5020625382",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "08864A59-0840-4407-8D30-9CE34BAF05E7",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "98622F14-CC47-45E0-85E4-A7243309487C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F40E779D-5865-4E4B-AE2D-CF1860BA19E2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC6A867F-E809-4CB5-82DB-2670CB0A6359",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B254955-C485-45D7-A19B-E78CE1D997AD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "43D21B01-A754-474F-8E46-14D733AB307E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "17D6424C-972F-459C-B8F7-04FFD9F541BC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "523058BF-DE14-4FAD-8A67-C8CA795032D9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3970EB8-C75E-4610-9772-A7BD0CF4B018",
                     versionEndExcluding: "7.3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42290FCA-82E3-4D64-801C-F65FF4CAAFBD",
                     versionEndExcluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F6E0FBE-70B7-413C-8943-39BEFE050298",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el proceso del servidor SSH de Cisco IOS XR Software podría permitir a un atacante remoto autenticado sobrescribir y leer archivos arbitrario en el dispositivo local. Esta vulnerabilidad es debido a una insuficiente comprobación de entrada de los argumentos suministrados por el usuario para un método específico de transferencia de archivos. Un atacante con privilegios de nivel inferior podría explotar esta vulnerabilidad al especificar parámetros del Protocolo de Copia Segura (SCP) cuando se autentifica en un dispositivo. Una explotación con éxito podría permitir al atacante elevar sus privilegios y recuperar y cargar archivos en un dispositivo al que no debería tener acceso",
      },
   ],
   id: "CVE-2021-34718",
   lastModified: "2024-11-21T06:11:02.320",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 8.5,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 9.2,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "ykramarz@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-09-09T05:15:11.103",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-inject-QwZOCv2",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-88",
            },
         ],
         source: "ykramarz@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-88",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}